Keep tight on those passwords, ladies and gentlemen

The old wartime expression was, “Loose lips sink ships.” Should a modern-day equivalent be, “Loose lips sink networks?”

InfoSecurity Europe today issued a press release that says,

A survey by Infosecurity Europe of 576 office workers has found that women are far more likely to give away their passwords to total strangers than their male counterparts, with 45% of women versus 10% of men prepared to give away their password to strangers masquerading as market researchers, with the lure of a chocolate bar as an incentive for filling in the survey. The survey was actually part of a social engineering exercise to raise awareness about information security. The survey was conducted outside Liverpool Street Station in the City of London.

The release, entitled, “Women 4 times more likely than men to give passwords for chocolate,” also said,

This year’s survey results were significantly better than previous years. In 2007, 64% of people were prepared to give away their passwords for a chocolate bar; this year it had dropped to just 21%, so at last the message is getting through to be more infosecurity savvy. The researchers also asked the office workers for their dates of birth to validate that they had carried out the survey; here the workers were very naïve, with 61% revealing their date of birth. Another slightly worrying fact discovered by researchers is that over half of people questioned use the same password for everything (e.g. work, banking, web, etc.).

Fascinating results… and alarming, says Claire Sellick, event director for the conference:

After the survey was completed, each worker was told, ‘We do not really want your personal information; this is part of an exercise to raise awareness about information security as part of Information Security Awareness Week, which runs from the 21-25 April 2008. We will tabulate results to find out how good people are at securing their information.’ At this, one man told one of our pretty researchers, ‘You look so well dressed and honest, I did not think you could be a criminal,’ which was a sentiment echoed by many others.

Claire Sellick continued, “This is precisely the problem: whether a criminal approaches you on the street or online, they will often not be who they appear to be; a criminal can often look very presentable. Many of the social engineering techniques used by face-to-face fraudsters have been adopted by criminals to encourage people to open spam emails or visit websites that are infected with viruses, trojans or malware, collectively known as crimeware. The crimeware silently takes control of PCs and other devices, then steals identities and cash or, in many cases, joins the PCs to a network of controlled PCs as part of a “BOTNET” to launch attacks on other people or organisations.”

Check out the release — you’ll find it fascinating and worrisome.

Z Trek Copyright (c) Alan Zeichick