Why Strong Onboarding Eliminates Password Resets

Global enterprises spend millions annually on password reset infrastructure to compensate for weak credential-based onboarding that engineers failure from day one. Identity Continuity establishes verified biometric identity at enrollment and maintains continuous authentication across sessions, eliminating password resets entirely while delivering 93% sign-in success rates and stopping credential-based attacks that cause 77% of breaches.



 

Organizations treat password resets as a required operational expense, and most companies have learned to budget accordingly. Forrester Research’s widely cited figure places password reset costs at $70 per incident in help desk time and lost productivity. Process improvements and automation have reduced that number closer to $40 per reset in recent implementations. Yet even at this lower threshold, large enterprises still face expenses exceeding $5 million annually, all to maintain infrastructure addressing a problem of their own making.

This entire password reset infrastructure exists to compensate for a fundamental design flaw. Companies onboard users with authentication methods engineered to fail, then build elaborate recovery systems to manage the predictable consequences. The alternative isn’t better password management. It’s eliminating passwords at the point of initial enrollment through Identity Continuity principles that establish verified, persistent identity from the first interaction.

The Complete Burden of Credential-Based Authentication

The $70-per-reset figure captures only direct costs. Help desk staffing, ticket resolution protocols, and reset infrastructure represent the visible expense. The broader financial impact extends across multiple dimensions that accumulate throughout the user lifecycle.

Productivity losses compound quickly. Employees locked out of systems wait for help desk response, abandoning work during resolution. The pattern intensifies on Mondays and Fridays when password recall proves most difficult after weekends or before time off. Many organizations employ dedicated staff solely to process reset requests during these predictable spikes.

Security exposure grows with each reset. Verizon’s research demonstrates that 77% of hacking-related breaches involve stolen credentials. Every password reset creates an attack surface. Help desk social engineering, non-secure reset links, and temporary credentials all introduce vulnerability. Organizations invest in elaborate verification protocols to secure the recovery process itself, adding cost and friction to compensate for the weakness of credential-based authentication.

Customer-facing systems suffer additional consequences. Financial services and e-commerce platforms lose sales conversions when users abandon carts after failed login attempts; the number has surged to $18 billion annually. The FIDO Alliance reports that 53% of consumers detected more suspicious messages and online scams in 2024, a figure reflecting the broader credential fatigue that makes users vulnerable to phishing during legitimate recovery attempts. Password resets don’t just cost money. They erode trust at moments when customers are already frustrated.

These costs share a common origin. Organizations onboard users with authentication methods that demand memorization rather than recognition, creating dependency on recovery infrastructure from the moment of initial enrollment.

The Knowledge-Based Authentication Trap

Traditional account creation requires users to generate and remember secrets. Passwords, security questions, and knowledge-based authentication create cognitive burden that intensifies across multiple accounts. Users respond rationally by optimizing for convenience rather than security. They reuse passwords, choose simple patterns, and select security questions with easily discoverable answers.

This behavior isn’t user failure. It’s the predictable outcome of authentication design that conflicts with human memory. People forget passwords not because they’re careless but because modern life requires managing dozens of credentials across work, banking, healthcare, and personal services. Knowledge-based authentication demands a perfect memory under conditions that make recall nearly impossible.

Organizations recognize this weakness and implement multi-factor authentication via one-time passwords. MFA adds security by requiring device possession alongside credential knowledge, but it doesn’t solve the underlying problem. Users still forget passwords. The recovery process still requires help desk intervention or automated workflows vulnerable to social engineering. MFA increases friction without eliminating the need for reset infrastructure.

Biometric authentication operates on fundamentally different principles. Face, fingerprint, and voice recognition rely on physical characteristics rather than memorized information. This distinction eliminates entire categories of recovery scenarios that password-based systems create by design. Google’s research demonstrates 4x improvement in sign-in success rates with biometric authentication compared to passwords, a gap that reflects the structural advantage of recognition over recall.

Identity Continuity: Establishing Continuous Authentication

Identity Continuity reframes authentication from discrete events to a continuous state. Rather than repeatedly challenging users to prove identity through knowledge tests, Identity Continuity establishes verified identity at initial enrollment and maintains that verification across sessions, devices, and interactions. Daon originated this framework and has refined it through extensive implementation across banking, telecom, healthcare, and government sectors.

Strong onboarding under Identity Continuity principles begins with comprehensive initial verification. During first enrollment, users provide government-issued identification documents alongside biometric capture. Liveness detection confirms physical presence rather than photograph presentation. This initial investment establishes high-confidence identity binding that persists throughout the customer relationship.

The biometric credentials captured during enrollment become the authentication anchor. Facial recognition, voice patterns, and behavioral characteristics tie to the verified identity established at onboarding. Once this foundation exists, organizations can introduce additional authentication factors tailored to specific use cases, with each new factor validated through the original biometric binding rather than requiring separate enrollment. A user might authenticate with face recognition for routine access, then add voice verification for high-value transactions, all anchored to the same verified identity.

Unlike passwords stored in databases vulnerable to breach, biometric templates remain on-device or use privacy-preserving cryptographic techniques that prevent credential theft, with deployment options ranging from server-side matching for cross-device authentication to device-based storage or FIDO2 cryptographic approaches, depending on organizational requirements. Modern standards like FIDO2 and WebAuthn combine biometric authentication with device-based passkeys, eliminating the shared secrets that make password systems vulnerable.

This architecture eliminates traditional reset scenarios. Users who could not recall passwords now have no credentials to forget. The person attempting authentication proves identity through biometric recognition rather than recalled credentials. When users replace devices, they re-authenticate biometrically on the new device to verify that the same person seeks access. No shared secret requires resetting because no shared secret exists to compromise.

Account takeover attempts fail against liveness detection and behavioral analytics. When suspicious activity does occur, biometric re-verification allows immediate account recovery without help desk intervention. The user proves identity through the same recognition-based process used for routine authentication.

The financial implications invert traditional security economics. Organizations spend more upfront to verify identity properly during onboarding. In return, they eliminate password reset systems, help desk labor, and the security controls needed to protect recovery processes. eBay reports 93% sign-in success rates after implementing biometric authentication. Air New Zealand reduced abandonment rates by 50% while achieving zero credential stuffing attacks and zero phishing incidents. The upfront investment in strong onboarding generates compounding returns as reset costs disappear.

Self-Service Recovery as Operational Advantage

Identity Continuity transforms account recovery from cost center to competitive differentiator. Users who need to regain access after device loss or suspected compromise initiate recovery through the same biometric verification established at enrollment. Organizations using server-side biometric templates allow immediate authentication from the new device, while those prioritizing on-device storage can re-verify identity through the same enrollment process used initially. Real-time liveness detection prevents social engineering attacks that exploit traditional help desk protocols. The entire process completes in seconds rather than the extended timelines required for password reset verification.

Mercari documented 82% faster sign-in times after implementing biometric authentication, a metric that captures both routine access and recovery scenarios. When users encounter access issues, automated biometric re-verification resolves them immediately. Help desk tickets for account recovery plummet because users resolve situations independently through recognition-based verification that requires no special knowledge or help desk intervention.

Customer experience improves across critical interactions. Financial transactions, healthcare portal access, and government service delivery all require authentication at moments when friction causes abandonment. Users facing forgotten passwords during high-stakes interactions abandon entirely rather than navigating recovery workflows. Biometric authentication removes this failure point. The same verification method works consistently across circumstances without introducing recovery friction at conversion moments.

Operational transformation extends beyond cost reduction. IT teams shift capacity from reactive password reset support to proactive identity management. Security teams reduce compliance burden as biometric authentication satisfies regulatory requirements for financial services authentication, GDPR data access verification, and healthcare patient identity confirmation. The infrastructure built for password resets becomes unnecessary, freeing budget for strategic initiatives rather than compensating for weak authentication design.

Organizations with strong onboarding gain competitive positioning beyond operational efficiency. Lower customer acquisition costs result from reduced abandonment during account creation. Throughout the customer lifecycle, seamless authentication maintains engagement that password friction erodes. Security posture becomes an enabler rather than a constraint as biometric verification provides both stronger protection and better experience than credential-based alternatives.

Implementation Realities

Transitioning from password-based authentication to Identity Continuity requires strategic planning rather than wholesale replacement. Organizations typically begin with high-value use cases where reset costs are most acute. Customer onboarding in banking, privileged access for employees handling sensitive data, and healthcare patient portals all generate significant reset volume while offering clear ROI for biometric implementation.

Modern device capabilities support Identity Continuity deployment across user bases. Smartphones, tablets, and laptops now include cameras and sensors sufficient for facial recognition with liveness detection. Voice authentication works across any device with a microphone. Organizations don’t require specialized hardware to implement biometric onboarding, though dedicated biometric capture devices may suit specific use cases like branch banking or government services.

Regulatory frameworks increasingly support rather than constrain biometric authentication. GDPR recognizes biometric data as requiring protection but doesn’t prohibit its use for legitimate authentication purposes. Financial services regulations worldwide are shifting toward stronger authentication requirements that password-based systems struggle to satisfy. Healthcare compliance benefits from biometric patient verification that prevents identity fraud while streamlining access.

User education remains important. People familiar with passwords need guidance on biometric workflows, particularly around device enrollment and cross-device authentication. The transition requires change management, but the direction of change matters. Organizations are moving users from more friction to less, from less secure to more secure, and from methods that require ongoing intervention to methods that work consistently.

Technology platforms enable Identity Continuity implementation without requiring custom development. Solutions like TrustX provide identity orchestration across authentication methods and use cases. xFace delivers facial recognition optimized for diverse populations and lighting conditions. xProof handles document verification and identity proofing at enrollment. Voice AI combined with xDeTech offers voice authentication with deepfake detection. These capabilities integrate into existing systems, allowing organizations to implement Identity Continuity principles within current infrastructure rather than requiring complete replacement.

Eliminating Rather Than Managing

Password resets represent symptoms of weak onboarding, not inevitable operational costs. Every dollar spent on reset infrastructure, every help desk hour devoted to account recovery, and every customer lost to authentication friction stems from initial enrollment that establishes fragile identity verification. Organizations that continue optimizing password reset processes are refining the wrong solution.

Identity Continuity principles establish verified identity at first interaction and maintain that verification persistently. Strong biometric onboarding eliminates the knowledge-based authentication that creates reset dependency. Users authenticate through recognition that doesn’t degrade over time. Recovery scenarios resolve through the same biometric verification used for routine access. The entire password reset infrastructure becomes unnecessary.

As enterprises confront the reality that 77% of breaches involve stolen credentials, the strategic question shifts. Strong onboarding turns identity verification from a cost center into a sustainable advantage, eliminating the reset problem at its source.