Recently, I had a conversation with someone at a very large companya very, very large company with hundreds of thousands of employees. They are doing manual password resets. Last year, they did close to 600,000 password resets at the service desk.
Let’s do some quick and dirty math here. The median cost per ticket across all channels according to the HDI 2016 Technical Support Practices & Salary Report is $18.50. But password reset calls are relatively fast and easy for the desk to do, so let’s call it half that: $9.25 per password reset.
$9.25 x 600,000 = $5,550,000
Yes, that is more than $5.5 million in a year. For password resets. That’s about 1,644 resets per day at a cost of more than $15,200 per day.
Granted, this company is in a very highly regulated industry, and the requirements for password resets are undoubtedly stringent. But there areand have been for quite a few yearspassword reset tools and identity management tools that not only offer good security, but also are relatively easy for the end user.
Slapping a reset tool on the problem may not have the desired effect, however. Several years ago, HDI did some research into password resetsthen about 30 percent of all ticketsand found that calls to the service desk actually increased after a reset tool was installed. One of the prime reasons for this outcome is that many organizations have systems that the password reset tool cannot connect to. Once users discovered that the tool couldn’t do what they wanted it to some of the time, they reverted to calling the desk all of the time.
The other part of the cure for password conundrum, then, is to make as many of the various systems around the organization talk to the reset tool. This is generally not something the support center can do unilaterally; developers and system administrators need to be involved as well. Sometimes, it simply can’t be done for some of the organization’s current systems, and it could be years before those systems are replaced.
I once had a support center manager tell me, “I’ve paid a couple of mortgages off on password resets.” In other words, “It’s job security.” From my perspective, that’s a terrible way to look at it.
The costs of all those resets are being passed on, in one way or another, to the company’s customers
It reinforces the idea that the service desk is nothing but a cost center
Resetting passwords is a non-value-added activity
Even given the variables of implementing a password reset or management tooladoption, ease of use, etc.the potential for savings here is enormous. If the reset tool was used only one-third of the time, it would reduce support center cost by about $1,850,000 annually (yes, minus the costs of the tool).
Of course, there is also the question of human error. One of the dangers of having manual password resets is that the service desk is vulnerable to social engineering methods of attack.
The person I spoke with is working with senior management to change the status quo. I’ll be very interested to hear more as the story progresses.
If you found yourself and your company in a position like this, what would you do?