Computer passwords reveal office workers' secrets

Family-types, fans, and the self-obsessed all give themselves away with easily guessable passwords. Only the cryptics are safe...

Millions of Britons reveal their innermost secrets through their computer passwords, making their office PCs incredibly vulnerable to attack, according to a study released today.

Choosing a PC password has largely become a psychology test, with most office workers choosing a word that they believe to sum up their personality.

"So many people tend to subconsciously believe that their password has to sum up the very essence of their being in one word," said Stephen Dyer, chairman of CentralNic, which commissioned the poll. "This makes it potentially very simple indeed for anyone to access their computer or secure Internet sites."

The poll, which questioned 1,200 office workers, revealed four distinct categories of people when it comes to passwords. Nearly half of the employees questioned fall into the "family" group, choosing their own name or nickname or the names of their partners, children or pets for their login.

"The family users appear to be people who are not particularly computer-literate but who have incorporated occasional computer use into their everyday life," said professor Helen Petrie, who specialises in human-computer interaction.

According to the study, a third of office workers fall into the "fan" category, choosing sports stars, cartoon characters or pop stars. Footballer David Beckham emerged as the most popular login, with variations of Homer Simpson and Madonna also proving common password themes. "Fans make lifestyle choices when it comes to passwords -- they choose famous people who will be readily identifiable to their peers," commented Petrie.

The more "self-obsessed" employees make up 11 percent of the British workforce, picking keywords like "sexy", "stud", "slapper" and "goddess". The smallest group -- the "cryptics" -- with just nine percent of the total, is also the most security-conscious. They select passwords that mix lower and upper case letters, numbers and punctuation to create cryptic passwords. "The cryptics are most likely to be what we would regard as 'geeks' -- these people opt for 'clinical' non-guessable password choices," said Petrie.

The Internet domain name registry CentralNic, which commissioned the study, claims that the most common type of password attack comes in the form of "social engineering": a cracker poses as technical support, contacts someone in a different department within a big corporation claiming that there is a network problem, and asks for the user's password.
