A survey of office workers in London found that almost three quarters would reveal their network-access password in exchange for a bar of chocolate.
The survey was conducted by the organisers of Infosecurity Europe 2004, a security exhibition to be held in London next week. They offered 172 commuters at Liverpool Street Station a bar of chocolate if they would reveal their corporate password. Surprisingly, 37 percent immediately agreed, while another 34 percent were persuaded to give up their secret access codes when the interviewer commented that it was most likely to be the name of their pet or their child.
Claire Sellick, event director for Infosecurity Europe 2004, said the results prove that employers are not educating their users about the importance of information security: "This comes down to poor training and procedures. Employers should make sure that their employees are aware of information security policies and that they are kept up-to-date," she said in a statement.
According to the survey, most participants were unhappy remembering so many different passwords and would prefer to use either biometric authentication -- such as fingerprint recognition -- or smartcards. "Clearly, workers are fed up with having to remember multiple passwords and would be happy to replace them with alternative identification technology," said Sellick.
At the RSA Security conference in San Francisco last month, Microsoft's chairman Bill Gates said traditional passwords are dying out because they cannot be relied on to keep critical information secure. During his keynote, Gates said: "There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."
Talkback
Did anyone actually check the passwords (that would probably be a crime)? I would gladly give a fake password for a bar of chocolate.
How do you know the passwords exchanged for chocolate are real? Is there any scientific basis to this survey, if not then it is at best seriously flawed and at worst worthless.
Passwords are far too open to abuse. A very great part of this is down to how IT departments keep forcing changes on a monotonous basis. My current 0HSH1T and my next G02L represent my feelings on the subject.
Make life easier and go down the road of fingerprints or similar.
It's not enough to question the genuineness of the password given in exchange for the chocolate; we have to be sure it's real chocolate.
Alas I didn't get confronted by the passwords for chocolate folks. I free bar in exchange for a commonly used password that I would never use would have been like taking candy from a baby. :-)
did anyone check whether the chocolate was real?