My workday probably starts the same way as most people’s. I turn on my computer and enter the first password. Dozens of programs and websites open by themselves, and half of them demand a password. During the day, I occasionally go to more websites and programs and sometimes must log in there, too. This process is so ingrained in our daily routine that we hardly think about it. Yet, logging in over and over comes with a hefty hidden cost in terms of time, money, and security.
Time Is Money
Every time we enter a password, it takes us out of our workflow. You try remembering the password, enter it correctly, and click on login before getting any work done. For added security, we add two-factor authentication and the need to have a smart card, dongle, or app on our smartphone ready.
Let’s assume you use three applications and need 30 seconds per login. That’s one and a half minutes lost per day. However, you aren’t the only one in your company. Let’s take a small software development company of 40 people, and we lose one hour a day. At $150 an hour for a developer and 200 working days, it adds up to $224,000 lost on three 30-second password routines.
Now, add in two-factor authentication via SMS. You enter the username and password and often wait up to two minutes for the text message to arrive. Two minutes and three logins result in six minutes of wait time. Sticking with the fictitious company, you’re already looking at $900,000 wasted yearly.
Security Theater
While many of us might feel safer entering passwords more often, it has the opposite effect. According to the Cybersecurity & Infrastructure Security Agency, the complexity of passwords decreases the more passwords a user has to enter.It doesn’t matter whether the user has to enter different passwords or the same password repeatedly; that even applies to the master password for a password manager program.
Not only does the password quality decrease, but according to a recent study by 1password, the repeated entering of a password significantly increases employees’ frustration about cyber security. This feeling, in turn, decreases the awareness of phishing and other IT practices.
Three Ways To Improve Security
But there are three things companies can do to reduce the hidden costs of logging in.
Optimize Your Procedures Now
Using the power of cloud computing, bad actors can crack short passwords in seconds, even without quantum computers. The best answer to counter that threat is to take a holistic and integrated perspective on cybersecurity. Centralizing identities across all services in a centralized identity management system is the first step, plus mapping out the sweet spot between user acceptance and system strength. That often requires updates of existing applications and procedures. Many Fortune 500 companies have started this journey already, but smaller businesses are unfortunately lagging.
Go For Single Sign-On
Even when workers share desks or data entry points, a single login when engaging with a device is sufficiently safe and much more effective. If fewer passwords are more secure and productive, why do we still see login screen after login screen?
IT managers identify the advantage as simple employee convenience. The productivity gains don’t show up in their budget. At the same time, the costs of setting up and integrating current applications often range in the lower five digits, even when done in-house.
Choose A Ready-Made Solution
Suppose companies want an efficient and affordable single sign-on and maximum user convenience. In that case, it pays to use a ready-made, open-source software package like Univention Corporate Server instead of deploying and cobbling together individual components. The key here is to choose a package that allows a company to connect its existing applications quickly and keep control of its data.
Get Ready For The Future
While Multi-factor authentication is an excellent long-term strategy, many businesses and their applications lack the basis in an Identity and Access Management (IAM) System. Reducing the number of sign-ins and, in turn, requiring less frequent but more complex passwords can be an excellent first step and often warranties the costs for an IAM project.
Single sign-on provides real productivity gains at a moderate cost. Luckily, many off-the-shelf solutions make that transition neither expensive nor complicated. Most importantly, users will be thankful if they have to spend less time typing in their passwords.
This Article is an updated version of The Cost of Logging In, posted originally on Forbes as part of the Forbes Technology Council.