From: InfoSec News (alertsinfosecnews.org)
Date: Tue Apr 17 2007 - 00:19:30 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.itpro.co.uk/security/news/110185/it-professionals-reveal-passwords-for-chocolate.html

By Rene Millman
16th April 2007

Survey finds that two-thirds of people would give up sensitive
information in exchange for a bar of chocolate.

Two-third of workers would reveal their passwords for a piece of
chocolate, new research found.

According to a survey carried out by Infosecurity Europe of 300 office
workers and IT professionals, 64 per cent of respondents were prepared
to give their passwords in exchange for a bar of chocolate. The study
also found that 67 per cent thought that someone else in their
organisation knew their CEO's password with the most likely candidate
being the secretary or PA.

The survey was carried out on commuters at train stations in London and
on IT professionals at a computer exhibition to see if those working in
the industry were more security conscious than the average person in the
street. The survey found that with coercion from a smiling, attractive
questioner, IT professionals would give up passwords in exchange for a
bar of chocolate.

The researcher asked delegates at the IT exhibition if they knew what
the most common password is and then asked them what their password was.
Only 22 per cent of IT professionals revealed their password at this
point compared to 40 per cent of commuters.

If at first they refused to give their password the researchers would
then ask if it was based on a child, pet or football team and then
suggested potential passwords by guessing the name of their child or
team. Using social engineering techniques, a further 42 per cent of IT
professionals and 22 per cent of commuters then inadvertently revealed
their password, taking the total number of people who revealed their
password to 64 per cent for both groups.

While the survey was conducted, the researchers not only had the
respondent's password but noted their names and organisation from their
delegate badge.

The survey found that 20 per cent of organisations no longer use
passwords with five per cent using biometric technology and tokens for
identity and access management and another 15 per cent using tokens.

Sam Jeffers, Event Manager for Infosecurity Europe 2007 said that the
survey revealed that even those in responsible IT positions in large
organisations are not as aware as they should be about information
security.

"What is most surprising is that even when the IT professionals became
slightly wary about revealing their passwords, they were put at their
ease by a smile and a bit of smooth talk," said Jeffers.

"It just goes to show that we still have a long way to go in educating
people about security policies and procedures as the person trying to
steal data from a company is just as likely to be an attractive young
woman acting as a honey trap as a hacker using technology to find a way
into a corporate network," he said.

__________________________
Subscribe to InfoSec News
http://www.infosecnews.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]