The hidden costs of passwords – why it’s time to go passwordless

Passwords are crucial for online security, but their financial and operational burdens are unsustainable. Around 81% of data breaches are due to weak password practices [1]. Attackers exploit known weaknesses, often through phishing, putting individuals and businesses at risk. This is where Keycloak offers a comprehensive solution for implementing passwordless authentication, strengthening security and improving user experience. Adopting passwordless systems reduces risks and boosts operational efficiency, making it an ideal choice for IT leaders who understand the risks associated with traditional password systems.

Infographic detailing the hidden costs of password authentication, including help desk expenses, productivity losses, security breaches, and password management fees.

Real-world consequences

Weak passwords are a significant threat that can lead to various negative consequences. A single breach might be devastating, especially if it involves phishing attacks that compromise sensitive data. A prime example is the 2021–2023 Facebook problem, in which millions of users were exposed to credential-stuffing attacks using passwords that had previously been leaked. This vulnerability shows how intertwined our digital lives are, since a single flaw in the authentication process can lead to a number of problems for both people and companies.

Such events can be followed by significant financial losses, including regulatory fines, legal fees, and remediation costs. A decline in user trust can also follow such an incident, with long-term revenue implications for the organization. Compliance risks are also significant, as organizations must adhere to standards such as GDPR and HIPAA.

This reality underscores the need for a multi-layered security approach, where robust password policies are just one part of a comprehensive security strategy. Transitioning to passwordless authentication solutions like Keycloak offers a compelling alternative, significantly reducing these risks and enhancing overall security.

Financial burden of passwords

From working with different clients in identity and access management, I’ve observed how these costs accumulate in four key areas:

Help desk costs

The number of help desk calls regarding password issues is significant. Data indicates that 20-50% of help desk tickets are associated with password resets and similar inquiries. A mid-sized company receiving about 500 help desk calls monthly likely spends thousands annually managing these tasks. This issue drains operational budgets and diverts essential resources from strategic initiatives. Gartner estimates that each password reset costs around $70.

Productivity losses

Locked accounts and password resets frustrate employees and reduce productivity. Studies show that a single password reset can consume as much as 30 minutes of an employee’s time, which can be saved by implementing a token-based passwordless authentication method. A team of 100 employees can benefit from a streamlined security process by utilizing a passwordless method: if each employee experiences just one reset monthly, this could amount to 50 hours of lost productivity due to inefficient authentication processes. In a dynamic business setting, this lost time leads to decreased revenue and lower employee morale. For an organization of 15,000 employees, this would mean productivity losses of $5.2 million each year [3].

Security breaches

Data breaches resulting from weak password security can lead to significant financial losses. IBM found that the average cost of a data breach in 2024 was $4.88 million [4]. Weak passwords often allow cybercriminals to gain unauthorized access and steal data. A case in point is the Yahoo data breach in 2013, which compromised over 3 billion accounts, serving as a stark reminder of how inadequate password practices can lead to disastrous financial repercussions.

Password management solutions

Although password managers improve security by creating and storing complex passwords, they also incur additional expenses. Many solutions charge on a per-user, per-month basis, which can quickly add up for larger organizations. For instance, a company with 1,000 employees using a password manager at $5 per user per month would spend $60,000 annually. These expenses add to the existing challenges of traditional password management.

Ultimately, the financial burden of passwords is significant, representing an area where businesses can reduce costs and enhance operational efficiency. Shifting to passwordless solutions such as Keycloak addresses these costs and enables organizations to redirect resources towards growth and innovation, while also reducing the risk of phishing through the use of tokens and multifactor authentication.

Screenshot of Keycloak's login settings interface, showing options for user registration, email settings, and passwordless authentication configurations.

Image source: www.keycloak.org

A passwordless method of authentication with Keycloak

Keycloak is a popular choice for organizations transitioning to passwordless authentication. Its integration with existing IT systems is straightforward, supporting protocols like OAuth 2.0 and OpenID Connect, ensuring minimal disruption and efficiency. Keycloak addresses user adoption challenges by providing intuitive interfaces and thorough documentation, offering multiple authentication methods like biometrics and security keys, and offering ongoing training and support. This empowers users to choose what works best for them, building acceptance and mitigating resistance to change.

Keycloak also leverages advanced technologies to dynamically enhance security. Its capacity for implementing multi-factor authentication (MFA) and adaptive security measures is particularly beneficial. Organizations can customize security protocols based on user behavior and context, such as prompting for additional verification with a one-time token if a login attempt is made from an unusual location. This approach reduces risks and helps build a security system that can adapt to new threats. Overall, Keycloak is a valuable choice for organizations looking to transition to passwordless authentication using methods like FIDO2.

Flowchart illustrating the Keycloak passwordless authentication process, including biometric login, security keys, and MFA options.

Why it's worth going passwordless

We can reduce expenses related to help desk support, productivity losses, and security breaches. By adopting passwordless management, companies can redirect their resources toward growth-driven initiatives while ensuring they authenticate users securely with biometric methods. Keycloak is a strong option for IT leaders aiming to boost security and simplify user experiences. Keycloak integrates smoothly with existing systems and offers adaptable security measures, including biometric authentication options. This makes it a top choice for companies transitioning to passwordless systems.

Organizations should actively explore the transition to passwordless authentication. Adopting this modern method strengthens security and boosts efficiency, creating a more secure and productive digital environment for all.

Resources:

  1. Risks of Default Passwords: Why Passwords Create Vulnerability – swIDch, https://www.swidch.com/resources/blogs/risks-of-default-passwords-why-passwords-are-a-relic-of-the-past
  2. Password Management: Getting Down to Business – Infosecurity Magazine, https://www.infosecurity-magazine.com/webinars/password-management-getting/
  3. How Much Time—and Money—Does Your Organization Spend on Managing Passwords? – Bloomberg, https://sponsored.bloomberg.com/article/business-reporter/how-much-time-and-money-does-your-organization-spend-on-managing-passwords
  4. IBM Report: Escalating Data Breach Disruption Pushes Costs to New Highs – IBM, https://newsroom.ibm.com/2024-07-30-ibm-report-escalating-data-breach-disruption-pushes-costs-to-new-highs
  5. Wikipedia – a resource that details various forms of authentication, including passwordless methods, https://en.wikipedia.org/wiki/Yahoo_data_breaches

Aleksandra Malesa
I’m a Content Marketing Specialist who loves creating engaging content that connects with people and helps businesses. I specialize in writing technical blogs for the IT industry, focusing on clear strategies and storytelling to deliver real results. When I’m not writing, I’m keeping up with the latest trends to stay ahead in the game.