The ROI Business Case for Funding Passwordless MFA Initiatives

Don Shin | August 15, 2022

I once worked under a CMO who had an interesting mantra. I don’t know if it was original, but it has stuck with me for over a decade. His pronouncement went something like this: “Don, businesses do things for three reasons: (1) to make money, (2) to save money, (3) because someone told them they had to.” The third alludes to compliance and, more frequently today, qualifying to buy cyber insurance.

These are wise words, especially when technologists like myself need funding to realize a modernization initiative that can dramatically improve security and operational effectiveness. Unfortunately, a dissertation on streamlining bits and bytes or general terms like “better security” don’t mean much to the board, whereas dollars do.

Passwordless MFA is one of those innovations that presents a unique combination of better security with better user experience that pays business dividends: 

  • Slash the attack surface by removing the user from password management.
  • Improve workforce productivity for users and identity administrators.

But if we follow Jim Dorherty’s mantra, the question isn’t “what does it do,” but instead “how much do we get for the dollars spent,” that is, the return on investment (ROI).

So, we created a passwordless MFA ROI calculator to help you quantify the case for moving to passwordless MFA. Use the calculator to run what-if scenarios and create a financial report for funding conversations with the CFO.

Full Passwordless MFA ROI Calculator

Our ROI Calculator does its value crunching based on four factors:

  • Cost: Octopus Enterprise passwordless MFA total cost of ownership (TCO) 
  • Gain: Workforce users and identity administration productivity improvements
  • Gain: Financial impact of slashing the attack surface 
  • Gain: Closing MFA compliance gaps and qualifying for cyber insurance

We separate the productivity gains from the security risk buy-down to provide more clarity, because the security component can be so large that it dwarfs the productivity gains.

How to Use the ROI Calculator

The calculator is self-explanatory, I hope. Grey boxes are fields you can modify for what-if exercises, and the blue boxes are calculations. Each grey box is pre-loaded with a default value as a suggested starting point and has a pop-up dialog box explaining why that default was chosen. In some boxes, you will find helpful links to research or background information that give additional context.

The calculator has three sections: 

  • Summary Business Case
  • Detailed What-if Analysis
  • Report Generation

Summary Business Case

implement Full Passwordless MFA.  Please note this estimate includes licensing fees, professional services typically requested from SDO customers, and the average time it takes to onboard your workforce users.  You can change this TCO value in the “what-if analysis” section once you have an official quote from SDO.

Below the TCO, you have the summary of workforce productivity and then the security ROI gains. The workforce productivity gain is the sum of two productivity components: user efficiency from not having to type a password, and the elimination of password help desk support.

Detailed What-if Analysis

This section gives you the opportunity to bring your own assumptions into the calculation. It is broken down into five parts:

  • Slash the Attack Surface
  • Helps Your Workforce Move Faster, Do More
  • Eliminate Help Desk Password Resets
  • Close compliance gaps and qualify to buy cyber insurance
  • SDO Total Cost of Ownership Annual Estimate

Security Impact: Slash the Attack Surface

The security section has two parts. The first part is the direct financial impact of data breach avoidance by eliminating user knowledge of passwords. After all, you can’t expose what you don’t know. Default values for the likelihood of a breach, the financial impact, and the weighting based on passwordless are provided in the editable fields.

The second part calculates the business valuation lost due to a data breach. The pop-up aid leads you to research quantifying the impact. You have the option to zero out this impact if you are uncomfortable with the secondary consequences of data breaches.

Productivity Impact: Helps Your Workforce Move Faster, Do More

The first productivity improvement section models the time users save by not typing a password in the passwordless MFA workflow. Because businesses have varying requirements for password length and complexity, we provide reasonable default values for the typing duration and the frequency of entering passwords. Yours may be quite a bit longer. It is interesting how seconds, repeated across many employees, accumulate into a significant amount of dollars lost.

Productivity Impact: Eliminating Help Desk Password Reset

It is a simple fact that if users don’t know a password, then it doesn’t need to be reset. As a result, the time-strapped IT support team eliminates a whole category of work.

Interestingly, this also means that the critical task of password rotation now falls exclusively with the identity administrators. This is one of the many other gains not included in this calculator.

Your technology adoption may vary. For example, if you have a self-service portal for password resets, we give you the flexibility to adjust users’ time and administrators’ time to support these types of workflows.

Close compliance gaps and qualify to buy cyber insurance

This section is informational; no adjustments can be made. However, it communicates that proof of strong authentication for local and remote users is essential to demonstrating due diligence during security audits.

SDO Total Cost of Ownership Annual Estimate

As stated earlier, you can change this estimated TCO value once you have a formal quote from SDO.

Report Generation

Click the download button to get a PDF report and share your business case for funding the passwordless MFA initiative.

Try it Yourself

Users typing passwords with traditional MFA have been with us for more than two decades. Unfortunately, with traditional MFA, the inherent weakness of the user’s password remains while a step is added to the authentication process.

“Follow the money” is good guidance for you while taking on the standard-bearer role in bringing passwordless innovation into a business. Test your assumptions around the costs and benefits of passwordless MFA to prove it is right for your business.

You can find the calculator here: Full Passwordless MFA ROI Calculator.