IT professionals reveal passwords for chocolate

Two-thirds of workers would reveal their passwords for a piece of chocolate, new research has found.

According to a survey of 300 office workers and IT professionals carried out by Infosecurity Europe, 64 per cent of respondents were prepared to give their passwords in exchange for a bar of chocolate. The study also found that 67 per cent thought that someone else in their organisation knew their CEO's password, with the most likely candidate being the secretary or PA.

The survey was carried out on commuters at train stations in London and on IT professionals at a computer exhibition to see if those working in the industry were more security conscious than the average person in the street. The survey found that with coercion from a smiling, attractive questioner, IT professionals would give up passwords in exchange for a bar of chocolate.

The researcher asked delegates at the IT exhibition if they knew what the most common password is and then asked them what their password was. Only 22 per cent of IT professionals revealed their password at this point compared to 40 per cent of commuters.

If at first they refused to give their password, the researchers would then ask if it was based on a child, pet or football team and then suggest potential passwords by guessing the name of their child or team. Using social engineering techniques, a further 42 per cent of IT professionals and 22 per cent of commuters then inadvertently revealed their password, taking the total number of people who revealed their password to 64 per cent for both groups.

While the survey was being conducted, the researchers not only obtained the respondents' passwords but also noted their names and organisations from their delegate badges.

The survey found that 20 per cent of organisations no longer use passwords, with five per cent using biometric technology and tokens for identity and access management and another 15 per cent using tokens.

Sam Jeffers, Event Manager for Infosecurity Europe 2007, said that the survey revealed that even those in responsible IT positions in large organisations are not as aware as they should be about information security.

"What is most surprising is that even when the IT professionals became slightly wary about revealing their passwords, they were put at their ease by a smile and a bit of smooth talk," said Jeffers.

"It just goes to show that we still have a long way to go in educating people about security policies and procedures as the person trying to steal data from a company is just as likely to be an attractive young woman acting as a honey trap as a hacker using technology to find a way into a corporate network," he said.

Rene Millman
