Average organization saved $65K in 2023 with self-service password resets 

Resetting passwords is a time and resource sink for IT helpdesks – Gartner found 40% of all help desk calls to the service desk are related to password expirations, changes, and resets. However, resets are also a part of life for any organization using passwords. There are perfectly valid reasons an end user might need to reset their password. They might have forgotten it, the password expired as part of a regular expiry interval, or it was flagged to be changed because of a potential breach or compromise.  

So how much exactly does each password reset cost your business? Forrester estimate each reset costs $70, which extrapolated out over the years means a lot of money is spent on resetting passwords. 

If we can estimate the cost, we can also estimate the savings an organization makes with a self-service password solution like Specops uReset. We’ve taken anonymous data from over 700 Specops uReset customers to work out how many reset events have been handled via self-reset rather than going through the helpdesk. You can use your own end user numbers to see how much your organization could potentially save by switching to a self-service solution.  

Password reset data highlights  

How often are end users resetting their passwords? 

We randomly selected over 700 organizations from our customer base across the US and Europe. It’s worth pointing out that uReset is used by customers of all sizes, so the total number of resets for an organization of 100 users is going to be very different to an organization with 100K users. But for the sake of this research, we’ll be using averages. 

In 2023, there were over 650,000 password resets carried out by the selected customers using our self-service password reset solution. This averages out at 923 password resets per organization, per year. Each end user is carrying out roughly two resets per year. Using Forrester’s cost estimate of $70 per password reset, this means the average uReset customer saved $64,610 in 2023 or $136 per end user on password resets.   

How often are end users unlocking their accounts?  

Out of our analyzed customers, we found that their end users are unlocking their accounts on an average of four times per year. A common reason for an account unlock is a forgotten password. This in turn can lead to frustration and end users creating weak, easy-to-remember passwords, or (even worse) reusing passwords across various accounts. Passphrases are a great way to get end users to create longer, more secure passwords they can actually remember – you can read our best practice guide to passphrases here

There are a few more reasons why someone gets locked out of their account. They might know their password but have tried to login too many times with the caps-lock on or used the wrong keyboard language. It’s possible they changed the password but didn’t the reset didn’t update across all devices. They also may have left themselves logged in on another computer with the old password (after it was changed) and that caused the lockout. Or sometimes someone is maliciously locking the account out to disrupt the user/business. Each of these takes different levels of effort to resolve – some are quick fixes while others can take a lot more effort to track down the issue. 

There will still be occasions where account unlocks are needed. The value of uReset is that end users can do this securely themselves, rather than calling the helpdesk. Using Forrester’s cost estimate of the helpdesk stepping into help, this means the average uReset customer saved $48,230 in 2023 or $266 per end user resolving locked accounts

World’s top resetters 

It’ll come as no surprise to IT teams that some end users call the helpdesk more than others. But when analyzing our global results, we found ten individuals were responsible for a staggering 5,703 resets in a single year. This suggests they’re getting constantly locked out for some reason of they simply unlock their account every day as a method to log in and start work. If these end users were contacting helpdesks to do this, the costs per user would be in their thousands. These outlier results show how a few end users can be really costly to an organization.  

The truth is some users need extra training and guidance when it comes to passwords (and cybersecurity in general). uReset offers dynamic feedback within an end user’s browser, helping to guide them towards creating a strong password that meets your policies. Customers can also choose to integrate Specops Password Policy to ensure end users aren’t choosing passwords that are known to have been compromised.  

When were resets most common? 

We also looked at the percentage of resets taking place between the months throughout 2023. Across the customers we analyzed, there was a spike in the percentage of resets for December (6.8%) to January (8.6%), suggesting people often forget passwords over the Christmas and New Year period. There was another significant jump between July (7.6%) and the month with the highest number of resets, August (10.5%), which may be due to people forgetting passwords over their Summer holidays. The highest number of resets we found in a single day was 14th August 2023 (3,546).  

But despite some jumps, the data shows password resets are common all year round. In an average month, there were 41,126 password self-reset across the over 700 analyzed customers. That’s roughly an average of 58 self-resets each month per customer – so a savings of $3,990 per month according to Forrester’s cost estimate.  

What could you save? Try uReset for free  

Every organization has different specific needs and challenges, but you can make a rough estimate of potential savings based on the data in this blog given your total number of employees. Another cost-saving to keep in mind is that uReset will update the local cached credential for hybrid workforces to keep the costs of password resets low. Interested to learn more about what you could save and see how Specops uReset could fit in with your organization in practice? Get in touch and we can arrange a demo or free trial.  

(Last updated on July 30, 2024)

picture of author marcus white

Written by

Marcus White

Marcus is a Specops cybersecurity specialist based in the UK. He’s been in the B2B technology sector for 8+ years and has worked closely with products in email security, data loss prevention, endpoint security, and identity and access management.

Back to Blog

Related Articles

  • Are password reset solutions still relevant?

    In case you haven’t been keeping up with the latest password guidance from noted cybersecurity organizations, it has changed from the traditional advice given regarding password security and password security policies. There are new and better ways to protect and secure account passwords than legacy password policy configurations.   One of the areas of password policy guidance that been the subject of…

    Read More
  • Helpdesk password reset best practices

    If your organization is currently using a self-service password reset solution, it is critical that the helpdesk staff who manage the system, and assist users, consistently follow best practices. This post will provide tips for reducing password-related calls to the helpdesk, and outline some security measures for safeguarding user accounts. Educate and direct to self-service…

    Read More
  • How to lock down your Active Directory password reset process

    Attackers target helpdesks with social engineering attacks to gain unauthorized access to user accounts, which they can use to compromise an environment or launch ransomware attacks. When done effectively, they can bypass MFA and avoid having to verify their identity. It’s possible (and highly recommended) to have a solution in place that lets helpdesk agents…

    Read More