Women give out passwords for chocolate
Just imagine what they'll do for jewellery
WANT TO WORM YOUR way into a woman’s email inbox? It’s easy, just buy her a bar of chocolate and the password’s all yours. Or so claim security analysts Infosecurity Europe, who polled 576 office workers outside Liverpool Street Station in London, as part of their Information Security Awareness week which starts on the 21st April.
According to the survey, 45 per cent of women were quite happy to give strangers, posing as market researchers, their email password, in return for a chocolate bar, as opposed to only 10 per cent of men. Hmmm…Wonder what the results would have been if they’d offered beer?
The unsuspecting workers were asked to fill out a survey which was actually nothing more than a cover for social engineering research to prove that gullible (and snack crazed) people would give out all kinds of information for chocolaty treats.
Despite the fact that many people still fell for the trick, Infosecurity reckons that on the whole, people did a lot better than last year, when they performed the same sort of test. In 2007 a whopping 64 per cent of people were prepared to give away their passwords for a chocolate bar, but this year only 21 per cent succumbed to the temptation. Maybe this year’s crowd are dieting.
61 per cent of people weren’t in the least bit shy about revealing their date of birth to researchers, nor were they hesitant about revealing personal details about their colleagues, including their names and phone numbers, for a chance to enter a prize draw where they could win a trip to Paris. Lots of chocolate in Paris, so no surprise that 60 per cent of men and 62 per cent of women said “oui”, to that one.
Infosecurity’s Boffins also discovered that more than half of people used the same password for everything, and that 43 per cent of people rarely changed them. 58 per cent even admitted that they’d freely give out their passwords to anyone who called them saying they were from their office’s IT department, and half claimed to know passwords belonging to their colleagues.
Claire Sellick, Event Director for Infosecurity Europe said that the promise of a trip could cost people dearly, because “once a criminal has your date of birth, name and phone number they are well on the way to carrying out more sophisticated social engineering attacks on you, such as pretending to be from your bank or phone company and extracting more valuable information that can be used in ID theft or fraud.”
When people were eventually told that the survey they had just filled in had actually been part of a security awareness test, most were surprised, with some claiming that because the researchers looked so well dressed and honest, they seemed trustworthy and not in the least bit criminal.
So criminals take note; dress well, smile, and most importantly, stock up on the Snickers bars, and we’re like putty in your hands. µ
L'INQ
Info Security
Comments
Call me, baby ;)
And the researchers who believed that also pick up woman in bars and think that the women give out their real phone number there too.Duh.
Checks?
Did anyone check to see if the passwords given were real?Shouldn't the title be 'Women lie about their passwords to gain chocolate from gullible geeks'?
M
Errrr...
Good headline grabbing story, but did anyone then attempt to verify the passwords provided?Personally I'd go for the free chocolate and beer and just give them any old bollox as a password.
Surely people lie?
Wouldnt you just lie on the survey to get the chocolate?Yes, but...
"61 per cent of people weren’t in the least bit shy about revealing their date of birth to researchers, nor were they hesitant about revealing personal details about their colleagues, including their names and phone numbers, for a chance to enter a prize draw where they could win a trip to Paris..."The worst part is that the study was done IN Paris...
So What !
Big Deal ... Men would give out passwords for sex !This proves nothing
As was pointed out the last time one of these stories made the news; the only thing this proves is that 55 percent of women and 90 percent of men weren't bright enough to make up a false password to get free stuff.I for one will quite happily make up as many false details as required to net myself some free goodies, you'd think that people would have caught on to this by now...
Male survey staff will believe lies told by women for chocolate
In a survey i just conducted it has been found that tech security company staff conducting surveys don't realise that when they offer chocolate for a password the surveyee will lie convincingly in order to obtain the chocolate.Reliable statistics?
How do they know the people didn't just give out fake information just to get the chocolate? I know when I'm asked for my email addresses etc. I give a fake one unless they really need it.Saying that... I just gave the Inq my legitimate address when posting this comment...
Genuine
What's the chances of those passwords being genuine?I'd sell that for a dollar
Oh come on now. How many people do you think gamed the questionnaire, just for the chocolate bar?For a freebee? You bet your beer I would.
My favorite give-a-way password is "id10tsukkor". I'd never use it as a real PW, but hey, for a chocolate bar (or a beer), it would work every time.
More women than men gave a password, eh? It just might mean that women are smarter than men, when it comes to the acquisition of sweets.
So Chocalate Cutters Talk FrenchSpeak!!
Passwords For ChocoLate Kutters are Mere Erratta. With 200 million lies per second passing 278 pins of Disinfo, its Gonna be While to Pass Thru DARK Chocalate Era. Esp if Wii has to be called in.R.B.Wii, always about 2 Hours behind in code updating OUR code then Once theifted by V.Cuter mere by about 72,000 to ONE reduction time factor, yet thats fast only once its Right. Code Cracking Anit E-Z. MN mpls.
As Professional Chocolate Cutter, I can Assure Every Female Buyer that I too am Female.
Sure They Think Beer is Bubbles & SEX is PlayGirl, How Homi.Way to Get Someones PASSWORD IS: Grab First Finger & Bend BACKWARDS Till Day Scream or Collaspe. Then tell em, give me code & Won't Tear OUT Your Eye, Have Chocolate On Your Breathe. It Usually Works.
Then Blind Em with Spit.
Thats BEST it Gets in Barc,ToDAY.
Stewie drashek White Chocolate Anililator.
Back to the future?
Why's my 1st comment dated January??First clue...
Never put much weight in an article that uses the word "boffins."Passwords are a soft target
This type of security hype is sadly becoming part and parcel of the circus that Infosec is rapidly approaching.Those whom have commented on whether the information supplied is valid are quite right to do so. It's easy to make up a password, it's easy to guest a birth date, but you still require more info than a password alone. Of course this is all very well, but the bottom line is that passwords by their very nature are insecure and will always remain so. You cannot rely on a password alone for security.
There are many tools and techniques available on line to help someone crack the passwords. Attacks can use brute force, Rainbow or Birthday methods. Look them up on any Wiki and you may be surprised.
I look forward to the day when we no longer have to remember passwords. The technology is here, it’s just that the ROI is difficult to measure.
Actual Link To Actual Article
the link provided at the end of the story is borken, as many INQ links are, here's the correct one:http://www.infosec.co.uk/page.cfm/Action=Press/PressID=1071
Passwords are bad, m'kay
All this means is that text passwords are anachronistic and ineffective. Users are not at fault - engineering is.