It's the same old story: if you ask people for something, they will most likely give it without thinking of the consequences.
Even more so if you are a pretty girl, and in this case you offer someone chocolate. Hey, who doesn’t love chocolate? I have to say I don’t love it enough to give out my passwords.
A survey out today by the organizers of the tech-security conference Infosecurity Europe found that 21% of 576 London office workers stopped on the street were willing to share their computer passwords with a good looking woman holding a clipboard. People were offered a chocolate bar in exchange for the information. More than half of the people surveyed said they used the same password for everything.
That’s 1 in 5, amazing! It just shows that a bit of simple social engineering, targeted against a certain company or just using a certain location, will yield valuable info.
Similar tests have been conducted before; I would have thought awareness might be slightly higher now – but it seems like it’s just the same.
As depressing as the survey may be for the security pros whose job it is to keep corporate networks safe, the results are a substantial improvement over last year. That was when 64% of people were willing to give away their passwords. But there were other disturbing signs this year: 61% of workers surveyed shared their birthdates and a similar number – 60% of men and 62% of women – shared their names and telephone numbers.
This doesn’t sound particularly damaging, but cyber criminals could use this information to craft so-called phishing emails that install malicious computer code when opened or try to convince people to cough up more damaging information like a bank account number.
It’s good to see a substantial improvement since last year, but still I’d prefer if the figures were below 5%. Sharing personal info is also a bad idea as it gives people with malicious intent a lot more ammunition to break into the corporate cookie jar.
Most people’s passwords are likely to be based on personal information unless they are generated by the company… if complex passwords are generated by the company it’s generally even easier, as they will be written on a post-it note in the drawer or under the keyboard.