[ISN] IT professionals reveal passwords for chocolate

From: InfoSec News (alerts@private)
Date: Mon Apr 16 2007 - 22:19:30 PDT


http://www.itpro.co.uk/security/news/110185/it-professionals-reveal-passwords-for-chocolate.html

By Rene Millman 
16th April 2007

Survey finds that two-thirds of people would give up sensitive 
information in exchange for a bar of chocolate.

Two-thirds of workers would reveal their passwords for a piece of 
chocolate, new research found.

According to a survey carried out by Infosecurity Europe of 300 office 
workers and IT professionals, 64 per cent of respondents were prepared 
to give their passwords in exchange for a bar of chocolate. The study 
also found that 67 per cent thought that someone else in their 
organisation knew their CEO's password, with the most likely candidate 
being the secretary or PA.

The survey was carried out on commuters at train stations in London and 
on IT professionals at a computer exhibition to see if those working in 
the industry were more security conscious than the average person in the 
street. The survey found that with coercion from a smiling, attractive 
questioner, IT professionals would give up passwords in exchange for a 
bar of chocolate.

The researcher asked delegates at the IT exhibition if they knew what 
the most common password is and then asked them what their password was. 
Only 22 per cent of IT professionals revealed their password at this 
point compared to 40 per cent of commuters.

If at first they refused to give their password, the researchers would 
then ask if it was based on a child, pet or football team and then 
suggest potential passwords by guessing the name of their child or 
team. Using social engineering techniques, a further 42 per cent of IT 
professionals and 22 per cent of commuters then inadvertently revealed 
their password, taking the total number of people who revealed their 
password to 64 per cent for both groups.

While the survey was conducted, the researchers not only had the 
respondents' passwords but also noted their names and organisations from 
their delegate badges.

The survey found that 20 per cent of organisations no longer use 
passwords, with five per cent using biometric technology and tokens for 
identity and access management and another 15 per cent using tokens.

Sam Jeffers, Event Manager for Infosecurity Europe 2007, said that the 
survey revealed that even those in responsible IT positions in large 
organisations are not as aware as they should be about information 
security.

"What is most surprising is that even when the IT professionals became 
slightly wary about revealing their passwords, they were put at their 
ease by a smile and a bit of smooth talk," said Jeffers.

"It just goes to show that we still have a long way to go in educating 
people about security policies and procedures as the person trying to 
steal data from a company is just as likely to be an attractive young 
woman acting as a honey trap as a hacker using technology to find a way 
into a corporate network," he said.

