An annual
survey carried out by the organisers of the Infosecurity Europe
conference found that 64% of the people asked for their passwords
on the street in a mock survey handed them over. That figure fell
to 21% this year.
Researchers stopped 576 workers outside Liverpool Street Station
in the City of London and pretended to be carrying out market
research. They offered workers a chocolate bar in return for
participating in the fake study and asked workers for their
passwords as well as their names and dates of birth.
The study found a marked difference between the response of the
sexes, with four times as many women as men revealing their
passwords. It found that 45% of women and 10% of men revealed their
password.
Claire Sellick, the event director for Infosecurity Europe, said
that the danger was not just in the revealing of passwords, but of
the other data too.
"Our researchers also asked for workers' names and telephone
numbers so that they could be entered into a draw to go to Paris.
With this incentive 60% of men and 62% of women gave us their
contact information," said Sellick.
"Once a criminal has your date of birth, name and phone number
they are well on the way to carrying out more sophisticated social
engineering attacks on you, such as pretending to be from your bank
or phone company and extracting more valuable information that can
be used in ID theft or fraud," she said.
Getting a person to actually tell you a password or vital
information, rather than trying to break encryption, is called
social engineering. The survey uncovered other workplace dangers
that leave companies vulnerable to socially-engineered attacks.
The survey found that 58% of the workers would give their
password to a phone caller who claimed to be from the IT department
and 35% of them thought that at least one other person knew their
chief executive's password.
"This research shows that it's pretty simple for a perpetrator
to gain access to information that is restricted by having a chat
around the coffee machine, getting a temporary job as a PA or
pretending to be from the IT department," Sellick said. "This
type of social engineering technique is often used by hackers
targeting a specific organisation with valuable data or assets such
as a government department or a bank."