Would you sell your password for chocolate?

I would at least hold out for really good chocolate, but according to a study conducted in advance of the Infosecurity Europe conference in London, 70% of people surveyed at the Liverpool Street station on the London tube were happy to give up their login and password for a candy bar.

Want to know what's worse? 34% gave out their ID and password to the researchers without any chocolate. I'd at least have gotten a Milky Way bar out of the deal.

The reports of the study I've read didn't say which logins and passwords people turned over, but since the study also discovered -- surprise! -- that people tended to use obvious passwords or the same password on multiple systems, it really doesn't matter. Clearly, user IDs and passwords are pretty darn useless as a real-world defense against would-be crackers.

You can preach all you want to employees, students, what have you, about the need for good passwords. It won't matter. They'll not only keep using their dog's name or favorite football team names for passwords -- that's Twiggy and the Pittsburgh Steelers for me, by the way -- they'll give it up for candy more often than not. I wonder... if you offered people a hot, fresh chocolate-chip cookie, could you get them to turn over the office keys? It seems likely!

Seriously. It's time to move to a different system. Biometrics, smart cards, heck, I don't know. I just know that if I can stand outside a business and trade Snickers bars for employees' passwords, we need to move to something better ASAP. If not, well, if your company has a major security breach, and you trace it down to a staffer's desk that has an unusually large number of Reese's Peanut Butter Cup wrappers in the trash can, you'll have only yourself and mankind's eternal sweet tooth to blame.

