Like passwords for chocolate?

Like passwords for chocolate?

Summary: Most UK office workers will tell a complete stranger their corporate password - in exchange for a bar of chocolate

TOPICS: Security

A survey of office workers in London found that almost three quarters would reveal their network-access password in exchange for a bar of chocolate.

The survey was conducted by the organisers of Infosecurity Europe 2004, a security exhibition to be held in London next week. They offered 172 commuters at Liverpool Street Station a bar of chocolate if they would reveal their corporate password. Surprisingly, 37 percent immediately agreed, while another 34 percent were persuaded to give up their secret access codes when the interviewer commented that it was most likely to be the name of their pet or their child.

Claire Sellick, event director for Infosecurity Europe 2004, said the results prove that employers are not educating their users about the importance of information security: "This comes down to poor training and procedures. Employers should make sure that their employees are aware of information security policies and that they are kept up-to-date," she said in a statement.

According to the survey, most participants were unhappy remembering so many different passwords and would prefer to use either biometric authentication -- such as fingerprint recognition -- or smartcards. "Clearly, workers are fed up with having to remember multiple passwords and would be happy to replace them with alternative identification technology," said Sellick.

At the RSA Security conference in San Francisco last month, Microsoft's chairman Bill Gates said traditional passwords are dying out because they cannot be relied on to keep critical information secure. During his keynote, Gates said: "There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."

Topic: Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Did anyone actually check the passwords (that would probably be a crime)? I would gladly give a fake password for a bar of chocolate.
  • How do you know the passwords exchanged for chocolate are real? Is there any scientific basis to this survey, if not then it is at best seriously flawed and at worst worthless.
  • Passwords are far too open to abuse. A very great part of this is down to how IT departments keep forcing changes on a monotonous basis. My current 0HSH1T and my next G02L represent my feelings on the subject.

    Make life easier and go down the road of fingerprints or similar.
  • It's not enough to question the genuineness of the password given in exchange for the chocolate; we have to be sure it's real chocolate.
  • Alas I didn't get confronted by the passwords for chocolate folks. I free bar in exchange for a commonly used password that I would never use would have been like taking candy from a baby. :-)
  • did anyone check whether the chocolate was real?