Two-thirds of workers fall for password honeytrap
Survey finds that it only takes a chocolate bar and a smile to get staff to reveal their passwords
The majority of UK office workers will hand over their computer passwords in exchange for "a bar of chocolate and a smile", according to a new study from the organisers of the annual Infosec show.
The survey of 300 office workers and IT professionals, carried out at London stations and an IT trade show, found that 64 percent of those approached could be tricked into handing over their password in return for a flirtatious conversation and a free bar of chocolate.
The researchers used social engineering techniques to gain the information, initially asking the delegates if they knew what the most common password was and then asking what their own password was. At this stage, 40 percent of commuters and 22 percent of IT professionals told the interviewer their password.
If respondents initially refused to hand over their password, the researcher then asked if it was based on the name of a child, pet or football team and began guessing possible passwords. At this point, a further 42 percent of IT professionals and 22 percent of commuters divulged their password.
"What is most surprising is that even when the IT professionals became slightly wary about revealing their passwords, they were put at their ease by a smile and a bit of smooth talk," said Sam Jeffers, event manager for Infosecurity Europe 2007. "It just goes to show that we still have a long way to go in educating people about security policies and procedures as the person trying to steal data from a company is just as likely to be an attractive young woman acting as a honey trap as a hacker using technology to find a way into a corporate network."