Beware of geeks bearing gifts


16 Apr 2007

Office workers and IT professionals are willing to risk company security by giving up their passwords in exchange for a bar of chocolate and a friendly smile, according to a recent survey by UK data security event Infosecurity Europe.

The survey of 300 people was carried out in a London commuter station and at an IT exhibition to ascertain how easy it would be to extract passwords using social engineering techniques.

Participants were approached by a smiling stranger with a clipboard and offered a bar of chocolate in exchange for answering questions about their work passwords.

Some 40pc of commuters gave up their password straight away compared with 21pc of IT professionals.

Those who refused to give their password at this stage were then asked if it was based on a child, pet, favourite football team or similar, at which point the researcher guessed at the password.

This prompting resulted in a further 41pc of IT workers revealing their password with 22pc more commuters giving theirs up.

Overall, 64pc of the 300 people questioned gave their password away. However, it was found that 20pc of organisations no longer use passwords, with 5pc using biometric techniques and tokens as a form of identity.

The survey found that 71pc of workers changed their password monthly although 10pc admitted to rarely changing it.

Some of the IT experts questioned suggested that changing passwords was less of a security issue than the practice at some companies of leaving the administration password blank.

Just under half of those surveyed were found to use the same password for work as they used for personal web accounts like online banking, retailing and email.

Sam Jeffers, event manager for Infosecurity Europe 2007, said: “This survey shows that even those in responsible IT positions in large organisations are not as aware as they should be about information security.

“It just goes to show that we still have a long way to go in educating people about security policies and procedures as the person trying to steal data from a company is just as likely to be an attractive young woman acting as a honey trap as a hacker using technology to find a way into a corporate network,” he said.

By Marie Boran