Our CIAM journey with BT



BT, a renowned telecommunications giant serving 25 million customers with its four key brands and an extensive array of services including broadband, mobile, streaming, and infrastructure, embarked on a significant transformation journey. The goal was to replace its aging authentication platform, not just for one brand, but to create a unified authentication platform for all of BT's customer authentication needs. This ambitious project led to the birth of the Single Authentication Framework (SAF), a decision that marked a turning point in BT's approach to customer authentication.

The Mission: Building the Single Authentication Framework

The SAF project had clear, ambitious goals:

  • Universal Application: Replace all customer authentication journeys across all four of BT’s brands.
  • Modern Principles: Bring modern authentication principles and “security first” thinking to the forefront.
  • Best Practices: Enforce best practices for developers, testers, and adopting services.
  • Cutting-edge Security: Utilize the latest in authentication technology to create the most secure platform possible.

Collaboration with Kocho

Recognizing the complexity and scope of the project, BT understood that they needed more than just an architect; they needed a team. They turned to Kocho (then ThirdSpace) for their expertise in agile delivery and security.

BT’s requirements were twofold:

  • Agile Delivery: A flexible, responsive approach to project management.
  • Enterprise-Level Engagement: Comprehensive involvement across multiple disciplines.

With Kocho's involvement, the SAF squad rapidly expanded to nearly fifty people within the first month, encompassing a diverse range of expertise. This multidisciplinary team was essential for planning and executing the project effectively.

Implementing Agile Practices

To manage the work efficiently and maintain high standards, each function within the project became a semi-autonomous mini-squad, each focused on its area of expertise. Key agile practices included:

  • Sprint Planning: Regular planning sessions to outline upcoming work.
  • Retrospectives and Standups: Frequent meetings to review progress and address issues.
  • Incremental Improvements: Work passed between squads to continuously improve user journeys.
  • Continuous Testing: Ensuring each component met security and functionality standards before moving to pre-production environments.

Every customer-facing unit saw its own work as critical, so the conversation around security had to be reshaped to align priorities and manage expectations.

Transforming Authentication Security

BT's commitment to security led to significant innovations in customer authentication:

  • Separate Username and Password Screens: To prevent password spray attacks.
  • ReCaptcha Anti-Bot Protection: From Netacea, enhancing defence against automated attacks.
  • Smart Lockout Functionality: Leveraging Microsoft’s technology to thwart unauthorized access.
  • Password Reset Security: Checking resets against lists of compromised passwords.
  • Simplified Password Policies: Moving away from artificial complexity to simpler, longer passwords.
  • Multi-Factor Authentication (MFA): Implementing MFA robustly to ensure additional layers of security.
  • Risk-Based Checks: Using dynamic checks to determine when to ask for account ownership confirmation via one-time passcodes.
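As an added illustration (not BT's or Kocho's code), here is how two of the controls above can fit together in a password-reset check: a minimum length instead of character-class rules, and a lookup against a compromised-password list using the hash-prefix range pattern so the full hash never leaves the client. The list entries and the 12-character threshold are constructed assumptions, not BT's actual policy.

```python
import hashlib
from collections import defaultdict

# Constructed sample compromised-password list (assumption: a real deployment
# loads a large, externally sourced list; these entries are made up here).
_SAMPLE_BREACHED = ["password123", "qwerty", "letmein", "Summer2024!", "bt12345678"]


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Server side: index breached hashes by their first five hex characters, so a
# client can request one "range" without revealing which password it is checking.
_RANGE_INDEX: dict[str, set[str]] = defaultdict(set)
for _p in _SAMPLE_BREACHED:
    _h = sha1_hex(_p)
    _RANGE_INDEX[_h[:5]].add(_h[5:])


def lookup_range(prefix: str) -> set[str]:
    """Stand-in for the range endpoint: all 35-char suffixes sharing the prefix."""
    return set(_RANGE_INDEX.get(prefix.upper(), ()))


def is_compromised(password: str) -> bool:
    """Client side: only the 5-char prefix is sent; the comparison happens locally."""
    digest = sha1_hex(password)
    return digest[5:] in lookup_range(digest[:5])


MIN_LENGTH = 12  # assumption: example threshold for the "longer, simpler" policy


def password_reset_problems(new_password: str, username: str) -> list[str]:
    """Return the reasons a reset should be refused; an empty list means accept."""
    problems = []
    if len(new_password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if username and username.lower() in new_password.lower():
        problems.append("contains the username")
    if is_compromised(new_password):
        problems.append("found in compromised-password list")
    return problems
```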

Conclusion

BT’s collaboration with Kocho to develop the Single Authentication Framework was a landmark project that not only replaced an outdated system but also established a new standard for customer authentication across all its brands. By integrating agile methodologies, leveraging advanced security technologies, and fostering a collaborative multi-disciplinary approach, BT ensured a secure, efficient, and user-friendly authentication experience for its millions of customers. This project exemplifies how strategic partnerships and innovative thinking can drive significant improvements in technology and customer service.
