Posted on 04/20/2004 7:35:34 AM PDT by NotQuiteCricket
Almost three quarters of office workers in an impromptu man-on-the-street survey were willing to give up their passwords when offered the bribe of a chocolate bar.
The organizers of the conference Infosecurity Europe 2004 plans to announce on Tuesday that they surveyed office workers at Liverpool Street Station in England, and found that 71 percent were willing to part with their password for a chocolate bar.
The survey also found the majority of workers would take confidential information with them when they change jobs, and would not keep salary details confidential if they came across the details.
Some 37 percent of workers surveyed immediately gave their password. If they initially refused, researchers used social engineering tactics, such as suggesting that the password has to do with a pet or children's name. An additional 34 percent revealed their passwords at that point.
The company said: "Of the 172 office workers surveyed many explained the origin of their passwords, such as 'my team - Spurs,' 'my name - Charlie,' 'my car -minicooper,' 'my cat's name - Tinks.' The most common password categories were family names such as partners or children (15%), followed by football teams (11%), and pets (8%). The most common password was 'admin.' One interviewee said, 'I work in a financial call center, our password changes daily, but I do not have a problem remembering it as it is written on the board so that every one can see it.... I think they rub it off before the cleaners arrive."
The survey also found:
- 53 percent of users said they would not give their password to a telephone caller claiming to be calling from their IT department.
- Four out of 10 knew their colleagues' passwords.
- 55 percent said they'd give their password to their boss.
- Two thirds of workers use the same password for work and for personal access such as online banking and web site access.
- Workers used an average of four passwords, although one systems administrator used 40 passwords, which he stored using a program he wrote himself to keep them secure.
- 51 percent of passwords were changed on a monthly basis, 3 percent changed passwords weekly, 2 percent daily, 10 percent quarterly, 13 percent rarely and 20 percent never.
- Many workers who regularly had to change their passwords kept them on piece of paper in their drawers, or stored on Word documents.
Aha! Hackers' secret revealed!
(And think what a pack of M&Ms might get you . . . )
That said, a password by itself isn't useful unless one knows where the password is used and has access to the system where the password is required. I could, for instance, tell you that a PIN I use is 3627. But unless you know WHERE that password works, it's useless to you.
If I'm in London on holiday and some stranger wants to know my laptop's password (remember, I'm on holiday and left the laptop at home), I'd be all too happy to give it to him in exchange for cheese. Since he doesn't have my laptop nor know where it is, the password is useless and he's just bought me some cheese.
Michael
Not scientific at all. Were these passwords verified to be valid?
Thats real dandy until you lose/misplace your SecurID card. Then youre really screwed.
I have met women, and I have met chocolate. I prefer meeting women who have chocolate.
That said, chocolate's effect works just as well on men as it does with the fairer gender. The multi-filled chocolate torte I make rolls just as many men's eyes as women's. I call it the Hyperventilation Torte - because it always has that effect.
Michael
Think of the possibilities if a moose had offered them the cheese.
And you, my dear, are especially adorable in the morning.
Actually, my favorite threads of comment are those in which it appears that other posters may be missing something - a perspective, an inside look, a bit o' history. My life has been quite varied, so there's a lot of useless data flitting around in my head that can be converted to a modicum of utility.
Plus, I abhor one-line posts. So if I AM drawn to comment, it's fun to make it a pithy one.
Michael
You wanna say that again, cause I'm not sure that it made any sense.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.