[ISN] Will Trade Passwords For Chocolate

From: InfoSec News (isn@private)
Date: Tue Apr 20 2004 - 00:58:14 PDT

    http://www.securitypipeline.com/news/18902074
    
    By Mitch Wagner  
    April 19, 2004 
    
    Almost three quarters of office workers in an impromptu
    man-on-the-street survey were willing to give up their passwords when
    offered the bribe of a chocolate bar.
    
    The organizers of the conference Infosecurity Europe 2004 plan to
    announce on Tuesday that they surveyed office workers at Liverpool
    Street Station in England, and found that 71 percent were willing to
    part with their password for a chocolate bar.
    
    The survey also found the majority of workers would take confidential
    information with them when they change jobs, and would not keep salary
    details confidential if they came across the details.
    
    Some 37 percent of workers surveyed immediately gave their password.  
    If they initially refused, researchers used social engineering
    tactics, such as suggesting that the password has to do with a pet or
    children's name. An additional 34 percent revealed their passwords at
    that point.
    
    The company said: "Of the 172 office workers surveyed many explained
    the origin of their passwords, such as 'my team - Spurs,' 'my name -
    Charlie,' 'my car - minicooper,' 'my cat's name - Tinks.' The most
    common password categories were family names such as partners or
    children (15%), followed by football teams (11%), and pets (8%). The
    most common password was 'admin.' One interviewee said, 'I work in a
    financial call center, our password changes daily, but I do not have a
    problem remembering it as it is written on the board so that everyone
    can see it.... I think they rub it off before the cleaners arrive.'"
    
    The survey also found:
    
    - 53 percent of users said they would not give their password to a 
      telephone caller claiming to be calling from their IT department. 
    
    - Four out of 10 knew their colleagues' passwords. 
    
    - 55 percent said they'd give their password to their boss. 
    
    - Two thirds of workers use the same password for work and for 
      personal access such as online banking and web site access. 
    
    - Workers used an average of four passwords, although one systems 
      administrator used 40 passwords, which he stored using a program he 
      wrote himself to keep them secure. 
    
    - 51 percent of passwords were changed on a monthly basis, 3 percent 
      changed passwords weekly, 2 percent daily, 10 percent quarterly, 13 
      percent rarely and 20 percent never. 
    
    - Many workers who regularly had to change their passwords kept them 
      on a piece of paper in their drawers, or stored in Word documents. 
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Tue Apr 20 2004 - 03:31:31 PDT