How Much is Your Password Worth?

Wednesday, November 10, 2010

Dan Dieterle


What would it take for someone to buy your password from you?

Come on, be truthful, what would it really take for someone to bribe you out of your work password?

The price would be pretty steep, right?

Well, according to reports from London, a good percentage of office workers polled gladly surrendered their work password for… Chocolate.

Well, not everyone caved for chocolate. Some held their password in much higher worth; it took a cheap pen to pry it out of them.

Office workers in London have been approached over several years and asked to sell their passwords for trinkets. In 2002, 65 percent of people polled gave up their work password for a pen. In 2003 it was worse: 90 percent did.

In 2004, 71 percent of people polled gave up their passwords for a candy bar. 37 percent gave it away for free!

Well, that was a long time ago; office workers have been inundated with warnings about protecting their passwords. With the increase in security policies and education, things would be much different now.

Well, as recently as 2008, things haven’t changed much. In April 2008, a poll conducted prior to the London Infosecurity Europe conference showed that chocolate was still an effective social engineering tool.

70 percent of those polled gave up not only their user name but their password as well in the name of chocolaty goodness. Some must have been on a diet, as 34 percent gave them away for free.

Granted, some may have lied just to get a candy bar, but what if they didn’t? Could your network security be compromised by a Snickers bar? Or a Twix? Or, how about this bright, shiny pen?

Users will always be the weakest link in network security. Multiple authentication methods are the best way to go.

Cross-posted from Cyber Arms

Allan Pratt, MBA Good post, Dan.
Dan Dieterle Allan, thank you, I appreciate it.

I saw this information in an older book I was reading (Protect your Windows Network from Perimeter to Data) and then saw that they still do this in London every couple years.

Pretty crazy!
Terry Perkins Just say "no" to single sign-on. :)
Dan Dieterle I was thinking, Terry, that someone should make some modern day inspirational posters like they had in WWII. Like the "Loose lips sink ships" ones.

But I guess in this case it would be "Don't be a snacker, stop a hacker". :)
Terry Perkins HaHa.... that's funny, Dan.