London (England) - Most companies have secrets protected by passwords, but according to a recent study those passwords can be obtained with just a candy bar and a smile. The Infosecurity Europe group surveyed 300 office and IT workers and found that nearly two-thirds of them were prepared to give up their passwords for a chocolate bar and a smile from an attractive “researcher”. IT workers, whom we would consider to be more secretive, fared better than their paper and pencil pushing coworkers, but still fell victim.
Office workers commuting in the London train stations and IT professionals at a local expo were surveyed about their passwords and password habits. One question asked participants to write down their passwords and 40% of office workers complied while 22% of IT workers wrote down their passwords. Many of the participants who refused to write down their passwords in the initial questions still inadvertently revealed enough information to construct a password on later questions. In total, 64% of participants eventually revealed their passwords.
While the workers may have felt relatively anonymous by not putting down their company or names on the forms, the IT professionals were attending a convention that required them to wear a name badge – a badge complete with their names and companies.
The survey also discovered more disturbing habits. Nearly half of all workers use the same password with all of their accounts including personal, financial and work. 29% of those surveyed said they knew other people’s passwords and 39% said they would willingly give their password to someone claiming to be from the IT department.
It would be interesting for another organization to do a similar study in the United States, in the interest of peer review of course. Would Americans be as trusting, especially considering our constant bombardment of terrorism warnings? Would a chocolate bar and smile from Sarah Townsend, the holiday elf from the Tom's Hardware Guide Holiday Buyers Guide, get you to divulge your passwords?