Passwords For Chocolate
Tuesday 17th April, 2007 12:08 Comments: 3
Cheeky researchers can still wangle IT passwords with free chocolate and flirting. A train station survey of 300 office workers carried out by Infosecurity Europe researchers in London revealed the disturbing statistic that 64 per cent would hand over their office computer passwords for a bar of chocolate "and a smile". I must admit, both are appealing, but hopefully I wouldn't tell them my password(s). Good-looking, chocolate-bearing researchers apparently had to probe a bit harder with the IT professionals than random train platform suits in order to get passwords, but the questions were simple.
Researchers asked IT conference delegates if they knew what the most common password is (my guess is "password", although if it's a Windows machine with password complexity, I'd probably try "Password1") and then asked them what their password was. Only 22 per cent of IT professionals revealed their "Open Sesame" at this point (the fools!), compared to 40 per cent of non-techie commuters (bigger fools!). If at first they refused to give their password, researchers would then ask if it was based on a child, pet, football team, etc, and then suggest potential passwords by guessing the name of their child or team (this wouldn't work on me, my passwords are generally far too cryptic). By using this social engineering technique, a further 42 per cent of IT professionals and 22 per cent of commuters inadvertently revealed their password. Of course, I'd have lied once they started asking more questions, in the hope of getting rid of them so I could dive into my free chocolate. Mmmm, chocolate. Mmmm, attractive women.
Researchers asked IT conference delegates if they knew what the most common password is (my guess is "password", although if it's a Windows machine with password complexity, I'd probably try "Password1") and then asked them what their password was. Only 22 per cent of IT professionals revealed their "Open Sesame" at this point (the fools!), compared to 40 per cent of non-techie commuters (bigger fools!). If at first they refused to give their password, researchers would then ask if it was based on a child, pet, football team, etc, and then suggest potential passwords by guessing the name of their child or team (this wouldn't work on me, my passwords are generally far too cryptic). By using this social engineering technique, a further 42 per cent of IT professionals and 22 per cent of commuters inadvertently revealed their password. Of course, I'd have lied once they started asking more questions, in the hope of getting rid of them so I could dive into my free chocolate. Mmmm, chocolate. Mmmm, attractive women.
Yamahito - Tuesday 17th April, 2007 12:46 IT pros who told password: 22%
IT pros whose password was guessed: 42%
Total IT pro: 64%
Public who told password: 40%
Public whose password was guessed: 22%
Total public: 62%
Oh dear. An IT pro is more likely to give away his password than a member of the public. Perhaps my numbers are wrong, and the second percentage is, for example, 42% of the 78% who didn't cave immediately: then the figures become
IT passwords: 22%
IT guessed: 32.76%
Total: approx 55%
Public passwords: 40%
Public guessed: 13.2%
Total: approx 53%
So IT professionals have less secure attitudes than the public.
Or they lie better....
IT pros whose password was guessed: 42%
Total IT pro: 64%
Public who told password: 40%
Public whose password was guessed: 22%
Total public: 62%
Oh dear. An IT pro is more likely to give away his password than a member of the public. Perhaps my numbers are wrong, and the second percentage is, for example, 42% of the 78% who didn't cave immediately: then the figures become
IT passwords: 22%
IT guessed: 32.76%
Total: approx 55%
Public passwords: 40%
Public guessed: 13.2%
Total: approx 53%
So IT professionals have less secure attitudes than the public.
Or they lie better....
