The survey was carried out by the organisers of Infosecurity Europe 2003, an exhibition at London's Olympia from 29th April to 1st May.
In last year's survey, only 65% of workers interviewed at the station revealed their passwords (although it appeared to lack the incentive of a free pen).
Workers were asked a series of questions which included "what is your password?", to which 75% immediately gave their password. If they initially refused they were asked which category their password fell into – and then asked a further question to find out the password. A further 15% then revealed their passwords.
One interviewee said, "I am the CEO. I will not give you my password – it could compromise my company's information". He later said that his password was his daughters name. "What is your daughters name?" asked the interviewer; and the interviewee replied without thinking, "Tasmin".
This technique for finding out passwords is known as social engineering. It is often used by hackers to gain access to systems, often pretending to be calling from the IT department and requesting a user's log-in and password to "resolve a network problem".
Of the 152 office workers surveyed many explained the origin of their passwords, such as "my name - Cynthia", "my football team - Arsenal", "my car - celica", "my pet's name - Dibbles", "my date of birth". The most common password was "password" (12%) and the most popular category was their own name (16%) followed by their football team (11%) and date of birth (8%).
The survey also found that the majority of workers would take confidential information with them when they change jobs and would not keep salary details confidential if they came across them.
Around 80% of workers would download contacts or competitive information to take with them to their next job, which shows they think it valuable enough to risk stealing it and 55% admitted that they would download company information if asked to by a friend.