Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

The Password Is: Chocolate

Almost three quarters of office workers in an impromptu man-on-the-street survey were willing to give up their passwords when offered the bribe of a chocolate bar. The organizers of the conference Infosecurity Europe 2004 plans to disclose today that they surveyed office workers at Liverpool Street Station in England, and found that 71% were willing to part with their password for a chocolate bar.

The survey also found the majority of workers would take confidential information with them when they change jobs and would not keep salary details confidential if they came across the details.

Some 37% of workers surveyed immediately gave their password. If they initially refused, researchers used social engineering tactics, such as suggesting that the password has to do with a pet or children's name. An additional 34% revealed their passwords at that point.

The most common password categories were family names such as partners or children (15%), followed by football teams (11%), and pets (8%). The most common password was 'admin.' One interviewee said, 'I work in a financial call center, our password changes daily, but I do not have a problem remembering it as it is written on the board so that everyone can see it. ... I think they rub it off before the cleaners arrive."

The survey also found that 53% of users said they would not give their password to a telephone caller claiming to be calling from their IT department; four out of 10 knew their colleagues' passwords; 55% said they'd give their password to their boss; two-thirds of workers use the same password for work and for personal access such as online banking and Web site access; workers used an average of four passwords, although one systems administrator used 40, which he stored using a program he wrote himself to keep them secure; 51% of passwords were changed on a monthly basis, 3% changed passwords weekly, 2% daily, 10% quarterly, 13% rarely, and 20% never change them; and many workers who regularly had to change their passwords kept them on piece of paper in their drawers or stored on Word documents.