Giving Up Passwords For Chocolate
RonnyJ writes "The BBC is reporting that, according to a recent survey, more than 70% of people would willingly give up their computer password in exchange for as little as a bar of chocolate. Over a third of the people surveyed even gave out their password without having to be bribed, and most indicated that they were fed up with having to use passwords."
A big problem... (Score:5, Informative)
...at many of the places I've worked is that the users have as many as a dozen passwords to remember for different systems, and each one expires at a different time and has different rules for how long and complex it has to be.
Most of them keep their passwords written down on a sheet of paper right on their desk.
Re:Passwords and memory (Score:5, Informative)
http://sourceforge.net/projects/passwordsafe/
Re:Break their fingers (Score:3, Informative)
Re:Passwords and memory (Score:3, Informative)
Reading a lot of science-fiction and fantasy books also helps much - especially when you can read them in some non-Western language. "Rohan" or "Alderan" will be too obvious, but "BalduryiBadubiny" won't be that easy to crack by brute force - while it's very easy to memorize (and pronounce!) if you can read Stanislaw Lem in Polish.
Re:This doesn't surprise me at all... (Score:2, Informative)
Having volatile resources to protect, like disk quotas or print quotas, can help, but then you need to give users a fighting chance by providing constant education verbally and written as well as having a secure system. I suspect that one reason a lot of users don't take it seriously is that many (most) highly hyped "IT-Solutions" / E-Thneeds come across as Mickey Mouse.
Re:This doesn't surprise me at all... (Score:1, Informative)
A few days later I received a letter confirming the upgrade, and lo-and-behold, they had felt the need to remind me what my password was. I'm not even sure if I like the fact that they can tell me what my password is, but sending it through the post in plain text is just dumb.
/. password SSL (Score:2, Informative)
Correct me if I'm wrong, but
This is old news... (Score:4, Informative)
It's still interesting to see that in two years of cybercrime and media frenzies nothing has really changed...
Re:This doesn't surprise me at all... (Score:4, Informative)
And the other side of the coin.... (Score:3, Informative)
Hell, I have received maybe 200 passwords while working here, and I don't remember any of them. I don't keep them stored anywhere, and I don't have eidetic memory, so there's no risk. And still I hear the "I use the same password in several places, and I don't want to change all those passwords if I gave you my password!". If you are so careful when it comes to security, you shouldn't use the same password everywhere! And yes, you CAN give your password to the IT-department if they walk up to you and ask you for it. If you don't... well, we can always reset your password!
Sheesh, some people....
Re:I'd give up mine for sex! (Score:3, Informative)
Fraternity secrets would involve the procedure of becoming a member, the rituals of the house, etc. Some houses are more secretive than others.
Watch Animal House or any other fraternity movie to get the general idea.
He's not joking, I've seen this done before ... (Score:4, Informative)
I have seen it done on three occasions, each time someone who has just fallen asleep (cat/power napped) at their desk.
Most passwords don't protect anything (Score:3, Informative)
A whole lot of the places I visit protect absolutely nothing of significance to me with their password. As in, maybe I can select a color scheme for a site, or similar. And for a lot of those, I know perfectly well I'll never go back to a site; I just have to do a one-time transaction. Exactly how concerned am I supposed to be that "hackers" might change my color scheme on a news website? Actually, a lot are even worse than that--like commercial newspapers (NYT and friends): I can't even change a color scheme, they just insist on me giving them demographic info. But it's a one way thing, you can't see or change it after "registration." Even if crackers -could- change how old the NYT thinks I am, why do I care about that exactly?
Opinions of security are probably harmed by the overuse of security measures where there is self-evidently no reason to have them. Casual users get in the habit of thinking passwords are just a nuisance... even when they -do- something significant.