Resetting a password is not free. Every time an IT agent verifies someone’s identity and resets their password, both the help desk and the employee lose time. On average, a help-desk–handled Level-1 ticket costs about $22, while a fully automated self-service reset costs only $2. That’s a tenfold difference, and it quickly adds up in large organizations.
Now look at the scale. In many companies, around one-third of all help-desk calls are about passwords – forgotten credentials, lockouts, expired logins. For a firm with 5,000 employees, just two resets per person per year equals 10,000 incidents. At a blended cost of about $35 per incident (agent time plus downtime), that’s $350,000 wasted every year. Surveys from HDI confirm that password resets remain one of the largest categories of support tickets.
There’s also a security angle. Verizon’s DBIR shows that stolen credentials are still the #1 entry point in breaches (24%). Reducing manual resets and tightening weak password processes lowers this risk.
The good news? Most of the problem is about channeling requests. If you shift resets from agents to self-service and reduce the number of logins through single sign-on (SSO), the number of tickets drops sharply – without making life harder for employees. Forrester’s study of Microsoft Entra reported a ~75% reduction in reset requests after self-service went live.
“If you need a fast, low-risk way to start with IAM, fix the ‘forgotten password’ process first. In one month, you can cut 50–75% of those tickets with self-service and smart policies – and then expand into full IAM/IGA,” said Dmitry Kachurin, Identity & Access Expert, UDV Technologies.
Where the Costs Actually Come From
Two things drive the cost of a reset: help-desk labor and lost productivity. MetricNet puts the direct help-desk handling cost at around $22. But when you add in the time the employee can’t work, the real cost is about double. That’s why moving routine actions to self-service delivers outsized savings, even in companies with relatively low labor costs.
A 30-Day Practical Fix
Here’s how to make an immediate impact:
- Enable password self-service in your access portal or app – available 24/7 – and route employees there first.
- Connect priority applications to SSO so employees don’t have to remember multiple passwords.
Update your password policy:
- No forced periodic changes.
- No “secret questions” or hints.
- Require changes only if compromise is suspected.
- Block weak or breached passwords.
- Allow copy-paste from password managers.
A policy that’s easy to use is also safer – and it creates fewer failures that end up as tickets.
Why This Works Especially Well in the Gulf
Organizations in the GCC are often mobile-first and rely heavily on contractors. Self-service using corporate mobile devices for OTP or passkeys, with bilingual Arabic/English UI and full audit logs, fits both business reality and regulatory needs.
The financial argument is clear: replacing expensive agent-assisted resets with automated ones cuts costs while also reducing a key breach risk. With the average global breach cost still around $4.4M (IBM), controls that lower both the chance and impact of breaches are strong investments.
Beyond the Quick Win: Expanding into IAM/IGA
Once you’ve captured the cost savings, use the same portal to:
- Provide a role catalog and access request workflow.
- Automate joiner/mover/leaver processes so staff are “first-day ready.”
- Run access reviews to remove unnecessary privileges.
- Integrate with PAM for administrators and suppliers.
This way, you move from a cost-cutting IT story to a full identity governance program that improves security, compliance, and audit readiness – while still keeping business priorities front and center.