A company has a policy that workers may not write down or save any passwords related to their work accounts. Some workers write down their passwords anyway. Give and explain three reasons why they might do this. What could the company do to improve this policy?
In addition to its security function, requiring two-factor authentication also serves as a signal. If a company requires two-factor authentication, name two groups it is probably trying to signal to. What information about itself is it trying to signal to each of those groups and why?
Imagine you worked for an email provider. Your company has a system to block suspected phishing emails to your customers before they even see them. How could you increase the sensitivity of such a system? How could you increase the specificity? Which has more impact on customers and why?