A new report from Secret Double Octopus quantifies the potential financial benefits for organizations that implement passwordless authentication practices. The study was conducted in collaboration with the Ponemon Institute, and showed that the average organization can save as much as $1.9 million on a regular basis with a passwordless authentication system.
That total captures a number of different factors. Most notably, the use of passwordless technologies dramatically reduces the number of password-related calls to the IT department, and that alone can generate more than $530,000 in savings. In that regard, password troubles account for 43 percent of the help desk calls in organizations that still use them, and only seven percent of the help desk calls in organizations that don’t.
Since there are fewer password complaints, employees have less downtime while those password issues are resolved. That translates to an additional $1.4 million in savings because the business is more productive and enjoys a better reputation. That business is also less likely to have to pay off ransomware because a password becomes compromised.
In terms of adoption, Secret Double Octopus found that the remote work environment is driving more businesses to implement passwordless authentication protocols. Sixty-one percent of the respondents credited remote work as a key influence in their security decisions, and roughly the same number are now using some form of multi-factor authentication. However, there is still considerable room for improvement. Only 11 percent have switched to passwordless for the majority of their applications, and multi-factor authentication rates are below 40 percent for servers, VPNs, and mobile applications.
Secret Double Octopus attributed that to an education gap, insofar as 40 percent of those that have not adopted passwordless solutions still erroneously believe that passwords are more secure than alternatives like biometrics. The majority of respondents felt that remote work has made the cloud less secure, while 63 percent identified phishing as the biggest password-related threat to their organization.
“Many organizations may feel they are doing the most expedient thing for securing their organizations by rolling out more conventional MFA, but the data clearly show there is an enormous amount of lost productivity and financial risk by not removing the link between the password and the employee,” said Secret Double Octopus CMO Horacio Zambrano.
The study reflects the feedback of businesses in the United States. Secret Double Octopus’ authentication server received FIDO2 certification back in 2019, while the company itself brought in $15 million in Series B funding in April of 2020.