Giving Up Passwords For Chocolate

RonnyJ writes "The BBC is reporting that, according to a recent survey, more than 70% of people would willingly give up their computer password in exchange for as little as a bar of chocolate. Over a third of the people surveyed even gave out their password without having to be bribed, and most indicated that they were fed up with having to use passwords."

I'd give up mine for sex!

[walter_kovacs]

Yes, I am that desperate.

not for chocolate

[millahtime]

I wouldn't give it up for chocolate but I'd sure think about it for some p0rn or a good lap dance.

What's so wrong about that??

[JasonBee]

My users do that all the time, if I am to believe that all those candies sitting in urns on desks serve a purpose! And to think my wife works at Nestle! JB

FP

[Anonymous Coward]

My passwords "first post".

OOPS!

You got Root!

passwords are just

[harumscarum]

way overrated.

Pork Rinds!

[Anonymous Coward]

One bag of pork rinds, and I'll give complete superuser access to anybody!

This doesn't surprise me at all...

[Punk Walrus]

I can't count how many times I have been helping out people with computers and they just blurt out their passwords to me. Even if I don't ask.

Punk: Okay, you say you can't get the NVidia card to work in Red Hat. Let's go to the NVidia site and download--
Dude: My root password is money45!
Punk: [dope smack] NEVER DO THAT AGAIN!

Even back in the days I did call support for an ISP, sometimes I'd just ask their login name and they'd just blurt out, "My login is sueray22 and my password is newyork!"

Uh ... yeah I'll tell you my password.

[bryanp]

It's YERAWANKER. Now where's my chocolate?

Oh, wait. You wanted my REAL password? Well, that'll cost you another chocolate bar. Of course I'll give you my real password this time. Would I lie to you?

Re:Wait a minute

[Anonymous Coward]

maybe their choices on the poll were as bad as Slashdot Polls.

Was give it up for CowboyNeal an option?

Ah, yet another nugget

[DarrylKegger]

in the growing body of evidence to support my thesis that most people
really dont give a crap about anything past their next meal.

So, thats why admins are fat!

[Lispy]

And I thought it was because we dont go outside. ;-)

Re:I'd give up mine for sex!

[Anonymous Coward]

> I'd give up mine for sex!

Hey! That's my password for my root account too. (Except I don't add have spaces.)

No-one has cracked my computer yet, so I know it must be a good password.

Re:Wait a minute

[JohnGrahamCumming]

> Management and business types, and of course home users,
> don't think security is a big complex model. They think
> "oh, we have a firewall... we're safe" and that's the end of it.

I am a management type [electric-cloud.com], you insensitive clod :-)

John.

Solution

[Chuck Chunder]

Assign people passwords rather than let them choose their own. Make them easy to remember phrases like:

"Fuck off you mother fucking fuck fucker"

Then see if they'll spurt them out to people on the street.

Secret tools of the hacker toolbox...

[adamofgreyskull]

PC.......$600
DSL......$20/month
nmap.....free.

Being pipped to the post by a reporter with a snickers bar.....Priceless.

There are some things even money can't buy, for everything else there's Masterfoods, Plc. [masterfoods.com]

These people are too easy...

[cableshaft]

I'd only give up my password for dark chocolate.

Re:Any takers?

[vivian]

Me! Me! My root password is "changeme".
Please mail the checque to

1A Merz St
Liverpool

this study....

[WebMasterJoe]

This study brought to you by Klondike. What would you do for a Klondike bar?

67 passwords

[NetDanzr]

My boss has 67 different accounts with various financial Web sites. He's really dilligent, and always creates a different user name and password. Then he puts them all, along with the proper Web site address, into an Excel spreadsheet, prints them out and leaves them next to the computer.

Kinda useless, if you ask me. I prefer to have 3-5 different passwords and use post-its attached to my monitor.

I'm not sure whether

[Anonymous Coward]

you realise that such a deal will ensure your getting rooted twice?

The second one might not be so pleasant.

Still, it's probably better than being an OpenBSD hacker and having never been rooted at all.

(and please don't mod up the karma whore who follows this going "don't stereotype geeks waa waa waa" it's a joke...laugh)

Re:I'd give up mine for sex!

[AppyPappy]

A guy on my hall gave up his fraternity secrets for sex.

Our new tablet PC's have card readers. When I worked at a Fortune 70, we found that no employee over Sr Manager level could remember a password, even if written down where they could see it. So what do you do. We just gave them a blank password. Now they could do emails and spreadsheets but not passwords.

Go figure.

Some password advice ...

[bryanp]

Occasionally you may HAVE to tell someone your password. Keep that in mind selecting one. Consider this exchange I had with one of my users a while back:

Bryan: "What's your password on this system?"

Tammy: "Uh ..." *blush* "Do I have to?"

Bryan: "No, you can always call the help desk like you're supposed to, but I can't reset your password on this system."

Tammy: "Um ... it's ... TPBP6969. It's my initials followed by my husband's initials. Please don't tell anyone!"

Bryan: "Considering your husband and I have the same initials I think I'll keep that one to myself. But in the future you might want to select a less ... personal password."

Listen Here You Geeks

[Anonymous Coward]

Why do you find this surprising? I know most of you don't know what a woman is, but do you know how badly they crave chocolate? If you learn this simple fact, the world will be come your oyster, so to speak. Now get ye gone and lose that virginity!

I weep for the future.

[buysse]

Now, I just need to figure out how to do strong biometric identification over ssh or SSL-imap... preferably authenticating against some part they won't let people play with for mere chocolate...

Re:I'd give up mine for sex!

[Hogwash McFly]

I'd also give mine up for love.
Maybe also for a secret.
Hell, I'd also do it for God.
Although not neccesarily in that order.

Re:I'd give up mine for sex!

[eclectro]

Yes, I am that desperate.

If you're that desperate, [google.com] I think it's pretty safe to say that you are not going to get any chocolate either.

Re:I'd give up mine for sex!

[Anonymous Coward]

Cool. I'll bring the goat around about 7pm.

Anybody know the favourite chocky bar of.......

[MrIrwin]

a) A lead software architect at MS, b) The comptroller at Amex, c) George W.Bush, d) The webmaster of iTunes.com e) CmdrTaco

Any help will be gratefully recieved and results will be shared with all. Oh boy will they be shared........

Re:Passwords and memory

[dyefade]

I used to have my password as a pattern typed on the keypad. The password, as far as I was concerned, was a pattern on the keyboard, not a number.
But... I tried to use the same thing on an ATM machine for typing in my PIN number, but the keypads aren't the same... so I had to go in to the bank and explain my mistake... oops.

789
456
123
Keyboard

123
456
789
ATM machine

you are so cruel

[Anonymous Coward]

man.... sueray22 and punk are gunna get owned now

Slashdot's a secure site?

[adamofgreyskull]

I gave my slashdot login/passwd away ages ago, and my karma's only gone up.

Re:I'd give up mine for sex!

[jayhawk88]

What the hell kinds of secrets can a fraternity have? Best cheap beer to get drunk on? How much money it really takes to buy friendship? Best time to slip date-rape drug into your dates drink?

As Ben Franklin would put it...

[k4_pacific]

Those who would give up security for chocolate deserve neither.

Extracting passwords from sleeping sysadmins...

[`Sean]

A friend of mine is particularly anal when it comes to security. He's a network security geek for a major college in the Boston area, and security is his life. Unfortunately, he'll interact with you when he's just entered Level 1 REM sleep.

About 7 years ago, he was crashed out on the floor of my apartment after a late night session. Since I was still coherent, I started saying random command prompts and command lines to him. He had just fallen asleep, and was finishing the prompts!

Me: rm -rf
Him: star

Me: apachectl
Him: restart

Me: shutdown
Him: -h now

And then I upped the stakes.

Me: username
Him: blurted out his username

Me: password
Him: blurted out his password

I left him an e-mail from himself that evening, and then went to bed. The next morning, he said "cute trick, but anyone can forge the From: header". I told him to go and double-check the received line, and he'd see that it was sent from localhost on a server that I didn't have an account on.

He was rather annoyed and amused at the same time...

Priceless.

just like the old commercials...

[enrico_suave]

"what would you do for a klondike bar"
*shakes head in shame*
e.

Re:I'd give up mine for sex!

[Ansonmont]

Actually, the biggest Frat secret is the "Tell frat secrets for sex trick." Shh.

IANAFB (Fraternity Brother)

In other news...

[sjwt]

Chocolate stocks worldwide surged due to heavy buying form a someone knoew only as "3l33t hax0r"

Re:Wait a minute

[Creepy]

yeah - but honestly, I'd give up my Windows password for a beer if you're buying...

oh, crap, I just remembered, Windows XP defaults to admin users having no passwords - I guess I have to turn that feature on first :P

(thankfully that box sits behind a Linux router firewall)

Wrong interpretation

[edp]

This survey didn't prove people treat passwords as unimportant. It proved chocolate is more important than passwords! Get your priorities straight.

What does it protect?

[Fuzzums]

If it was just documents of my work? who cares? My co-workers NEED to see those documents anyway!

What does my password protect? Private files? Am I supposed to have private files at work? I guess not. Secrit files then? Ok. possibly.

To track possible abuse? They're allowed to use my phone too, do I have to password-protect that too?

But hey, if it's about my admin password..
That's a different story.
Then I'd like to have some chocolate too!

Re:This doesn't surprise me at all...

[plover]

I've found that when I'm helping people over the phone, they'll actually speak them out loud as they type them. I think these are the people whose lips move as they read.

Me: Now I need you to log in, please, using your account and password.
They: OK, that's M459465, uhh... k-e-v-i-n-2-1. There. I'm in!
Me: sigh.

Re:I'm not sure whether

[Throtex]

don't stereotype geeks waa waa waa

Re:Passwords and memory

[chef_raekwon]

Remembering passwords is easy. I have lots of them.

yes for me too! for example - my name is Rick, so my password is rICK. or RiCk or rick.

it is very easy to remember, and, when someone asks me for my password, I just tell em what it is! I dont have to put it on a piece of paper or nothing.

Re:A big problem...

[Anonymous Coward]

Folks just have SO many web sites that use different passwords, and to make it worse, most of the sites don't have the same username.

That's why we need to exclusively use Microsoft Passport and let the Microsoft Security team handle all our logins.... ;) (that's a joke)

Re:Passwords and memory

[Anonymous Coward]

my password is **********

Re:Solution

[plover]

Heh. I remember seeing something about secure passwords that went like this:

Corporate Security Password rules:

• Your password must contain more than 8 but less than 10 characters.
• Your password must contain alternating vowels and consonants.
• Your password must contain both upper case and lower case characters.
• Your password must contain one numeric digit and one non-alphanumeric character.
• Your password must consist of characters typed using alternating hands, starting with the left hand.
• Your password may not be a series of letters appearing in order on the keyboard in any direction.
• Your password may not contain any proper nouns.
• Your password may not be the same as any of your ten previous passwords.
• Your password may not be a word from the dictionary.
• Your password may not be the same as any password used on any other system.

As a matter of fact, there is only one word that meets all of these requirements. It is therefore the most secure password in the world, and so it has been assigned to you as your password.

Re:I'd give up mine for sex!

[GTRacer]

...we found that no employee over Sr Manager level could remember a password...

I worked for a small privately-held HR-and-Admin services firm, and the head honcho managed to lock himself out on a regular basis...despite the fact that his password was his flipping first name with a 1 at the end.

I never did have the guts to "hint" him with, "What's your first name, Sir? Then put your I.Q. at the end. No, not your shoe size. Your I.Q. It's gotta be one digit..."

Oh well. I had a great supervisor and I learned a lot.

GTRacer
- It's not me

Re:I'd give up mine for sex!

[kzinti]

Are you kidding? Frats have two complete sets of secrets: the real secrets, and the secrets you "give away" for sex! Ask any girl hanging around the house if she knows the secret handshake. If you she shows you the "sex" secret, then you know she's been laid by a brother. (If she shows you the real handshake, then she's been laid by a brother who was too drunk to remember which was which.)

Re:Passwords and memory

[nomadic]

True, but does turning a key force you to remember a complex stored memory? Nope.

Finding my keys does...

Re:Passwords and memory

[Hans Lehmann]

try passwordsafe

I just changed all my passwords to 'passwordsafe'. They seem to work just as well as all those hard-to-remember passwords I had before. That is what you meant, isn't it?

Did they really give it up?

[logicnazi]

How do they know this doesn't just show people are dirty lying bastards. I'd give up a random string of charachters I made up on the spot for a bar of chocolate!

Re:Break their fingers

[Lanoitarus]

Most system administrator would wish that they had a company policy which allowed them to break the fingers of users who share their passwords that doesnt encourage password sharing or anything... "hey mike, my fingers are broken, can you type in my password for me?"

Re:Extracting passwords from sleeping sysadmins...

[Anonymous Coward]

I'd hate to see what happens when he segfaults...

Re:This doesn't surprise me at all...

[nutshell42]

A friend of mine switched back to point-to-focus after having used click-to-focus exclusively for a few years.

First thing he did was accidently posting his root-pw in a irc channel with 2600 users. Damn fine password it was =)

Re:I'd give up mine for sex!

[red floyd]

Dammit! You just gave away the real secret... the fact that there are two sets of secrets! And you only did it for karma, not even sex!

How come I only get cookies

[Netsnipe]

and not chocolates when I enter my root password to login on websites such as Slashdot?

Re:Passwords and memory

[4of12]

All this by showing half an interest and sounding like you know what you're talking about. But then, maybe the IT department here is useless.

Dude, show competance like that and you'll be drafted into the IT department and then you'll really be sorry.

Re:Extracting passwords from sleeping sysadmins...

[DaveTheTriffids]

Since I was still coherent, I started saying random command prompts and command lines to him.

You started saying random command lines to a sleeping person, and you claim you were still coherent?

Great story, though.

Re:Some password advice ...

[binbag]

One of my colleagues swiftly changed one of his passwords recently. It was analyst with a capital A and the 'y' replaced with a '1'. The day he changed it was the day he had to give it to a support techie over the phone, when she read it back as "anal first" he realised what he'd done...

Personal Info

[illuminatedwax]

This is a bit off-topic, but a friend of mine had an account at a bank that would only allow you to access your information if you could answer a particular question. You could set the question and answer to whatever you wanted. His question was:
"What are you wearing?"

His response?

"I don't think that's an appropriate question."

--Stephen

Re:Passwords and memory

[hswerdfe]

Funny I have 4 passwords

Low security Internet (slashdot/monster/..etc..)
one for home (12 random key strokes)
one for finance (another 12 random key strokes)
and one for work....my onw for work is "password"

any one care to guess how much I like my job?

Re:I'd give up mine for sex!

[potifar]

Just as long as nobody mentions the third sets of secrets, everything should be fine.

Re:I'd give up mine for sex!

[niittyniemi]

> At the last IT firm I worked for, the CEO had a four-letter
> password. I'm not going to say what it was, but it was the name
> of an animal.
>
> That was bad enough, but it was the name of an animal he had
> tattooed on his forearm.

Was it a cock by any chance? ;)

It depends on the value of the information

[Anonymous Coward]

• You want my private PGP key? Not a chance.
• You want my financial password? Forget it.
• You want root on my home server? You can't afford it.
• You want my cellphone number? I could tell you for US $10,000, but first I'd have to kill you.
• You want the password I use on Slashdot? $20.
• You want the password for my login at work? Yeah, you could have that for a chocolate bar.

Re:I'd give up mine for sex!

[AppyPappy]

The worst thing is everytime power went out, we would get these memos from the CFO wanting retina-reading or fingerprint reading technology for passwords. Jiminy Christmas. A $10k password-avoidance media on a $5k machine because a $100k VP can't remember a stupid password like his wife's name. I should have changed the VP-Personnel's password to "mysecretaryridesthebalonypony". He would have remembered that! (note: The first guy listed in Contacts in the email directory gets a lot of interesting stuff because they get added to the To: box by accident a lot)

here's a typical IT move...

[maxpublic]

At my wife's place of work (she's a research scientist for a major university) IT will delete the old passwords, then send out an email informing the employees that their passwords are no longer good and that they need to be changed.

Of course, to read your email, much less change your password, you need to log in. And you can no longer log in because your password has been deleted. Therefore, no one ever receives the email that their passwords need to be changed, nor could they do anything about it even if informed. Eventually enough people call up IT to ask them what the hell is going on, prompting them to restore the old passwords long enough for everyone to get on, read their mail, and change their password.

The IT department at her university has pulled this idiocy more than once. In fact, one time they restored the old passwords, everyone dutifully changed them, and then IT deleted the new passwords!

If ever there was an IT department where it was a requirement to have the word "LOSER" stenciled on one's forehead, this one takes the cake.

Max

Re:I'm not sure whether

[Rakarra]

Even though the moderation guidelines suggest not doing it, I'm sure many moderators browse at +1 or higher.