In part two of my interview with Angela Sasse, Professor of Human-Centred Technology, she shared an engagement she had with British Telecom (BT).
The accountants at BT found that users were resetting passwords at a rate that overwhelmed the helpdesk, making the cost untenable. The security team believed the employees were the problem; Sasse and her team thought otherwise. She likened requiring users to remember their passwords to a memory exercise, one the policy made unreasonably hard. With Sasse's help, the two sides worked together to change the security policy into one that worked for both the company and the users.
We also covered the complexities of choosing the right form of authentication (passwords, 2FA or biometrics?), the pros and cons of user training, and the importance of listening to your users.