The average office worker in the United States must keep track of between 20 to 40 different username and password combinations. With so many passwords to remember, many of us use the same ones over and over, or have a running list of passwords saved somewhere. Passwords are a very serious and expensive security risk. It’s why companies like Microsoft , Apple and Google are trying to reduce our dependence on them. But the question is, can these companies break our bad habits?
Update (January 21, 2020): A website mentioned in this video, WeLeakInfo, was shut down by the Federal Bureau of Investigation and other law enforcement agencies on Friday, Jan. 17, 2020. The site claimed to have more than 12 billion usernames and passwords from more than 10,000 data breaches. Passwords are a very serious and expensive security risk. A report by Verizon looked at 2,013 confirmed data breaches and found that 29% of those breaches involved the use of stolen credentials.
Another study by the Ponemon Institute and IBM Security found that the average cost of a single data breach in the U.S. was more than $8 million. Even when passwords are not stolen, companies can lose a lot of money trying to reset them.
“Our research has shown that the average fully loaded cost of a help desk call to reset a password is anywhere between $40 or $50 per call,” says Merritt Maxim, vice president and research director at Forrester.
“Generally speaking, a typical employee contacts a help desk somewhere between 6 and 10 times a year on password related issues,” Maxim said. “So if you just do the simple multiplication of six to 10 times, times 50 dollars per call, times number of employees, in your organization, you’re talking significantly hundreds of thousands of dollars or even potentially millions of dollars a year.”