
Out-Law News

Staff reveal passwords for a chocolate bar


A survey of office workers at London's Liverpool Street Station found that 71% were willing to part with their password for a chocolate bar. It's the third annual survey of its kind and seems to confirm that office workers are still not information security savvy.

The survey was run by the organisers of Infosecurity Europe 2004, an information security exhibition at London's Olympia. It also showed that the majority of workers would take confidential information with them when they change jobs and would not keep salary details confidential if they came across them.

Workers were asked a series of questions which included, "What is your password?" – to which 37% immediately gave their password. If they initially refused, the researchers used social engineering tactics: "I bet it's to do with your pet or child's name" – at which a further 34% revealed their passwords.

Of the 172 office workers surveyed, many explained the origin of their passwords, such as "my team – Spurs," "my name – Charlie," "my car – Mini Cooper," "my cat's name – Tinks."

The most common password categories were family names, such as partners or children (15%), followed by football teams (11%), and pets (8%). The most common password was "admin".

One interviewee who worked at a financial call centre revealed that the office password changes daily, but said it was easy to remember: "it is written on the board so that everyone can see it," adding that the board would likely be wiped before the cleaners arrived.

When asked if they would give their password to someone calling from the IT department, respondents were slightly more wary – with only 53% saying that they would not give their password as it could cause a security breach.

That still left just under half of workers vulnerable to social engineering techniques, which are often used by hackers to gain access to systems. They often pretend to be calling from the IT department and request a user's log-on and password to "resolve a network problem."

Password security was also poor between colleagues: four out of ten knew their colleagues' passwords, and 55% said that they would give their password to their boss.

One man said his office uses 10 different systems a day, so he and his colleagues share one password for each system so that they can remind each other if they forget.

In addition to using their password to gain access to their company information, two thirds of workers use the same password for personal access such as on-line banking and web site access. Using just one password could make them more vulnerable to financial fraud or identity theft.

Workers used an average of four passwords. Most passwords change on a monthly basis (51%), 3% change their passwords weekly, 2% change them daily, 10% change them each quarter, 13% rarely change their passwords and 20% never change them.

Many of the commuters who regularly had to change their passwords kept them on pieces of paper in their drawer or stored them on Word documents.

Eighty percent of workers were fed up with using passwords and 92% said that they would rather be able to log on using biometric technology such as fingerprint and iris scanners, or be able to log on using smartcards or tokens.

Seventy-one percent of workers would download contacts or competitive information to take with them to their next job, which shows they think it valuable enough to risk stealing it.

By stealing confidential information such as contacts, workers are not only taking a vital asset to a competitor; they could also expose their employer to prosecution under the Data Protection Act.

If workers came across a file containing everyone's salary details, 71% of workers didn't think they would be able to resist looking at it (75% in 2003 and 61% in 2002). A further 23% said they would also pass the information around the office.
