Forgot your password?
typodupeerror
Security

Giving Up Passwords For Chocolate 710

Posted by CmdrTaco
from the my-password-is-hershey dept.
RonnyJ writes "The BBC is reporting that, according to a recent survey, more than 70% of people would willingly give up their computer password in exchange for as little as a bar of chocolate. Over a third of the people surveyed even gave out their password without having to be bribed, and most indicated that they were fed up with having to use passwords."
This discussion has been archived. No new comments can be posted.

Giving Up Passwords For Chocolate

Comments Filter:
  • A big problem... (Score:5, Informative)

    by Lord_Frederick (642312) * on Tuesday April 20, 2004 @08:23AM (#8915074)

    ...at many of the places I've worked at is that the users have as many as a dozen passwords to remember for different systems, and each one expires at a different time and has different rules for how long and complex it has to be.

    Most of them keep their passwords written down on a sheet of paper right on their desk.

  • by mrwonka (131100) on Tuesday April 20, 2004 @08:36AM (#8915163)
    try passwordsafe

    http://sourceforge.net/projects/passwordsafe/

  • by Maestro4k (707634) on Tuesday April 20, 2004 @08:39AM (#8915197) Journal
    • But if users don't like using password, why force them.
    Because of all the extra vulnerabilities it exposes. If a malicious attacker gains access to their account the number of ways they can try to get root privledges grows. There are quite a few root exploits you have to have an account on the system to use. Besides, the passwords are for their protection too, from things such as the E-mail to the user's boss you mention to losing personal information. (I've seen users who stored their credit card account numbers in a plain text file for "convenience".) Basically sysadmins aren't just trying to protect the systems, but the users as well -- even if that means protecting them from their own idiocy.
  • by Trurl's Machine (651488) on Tuesday April 20, 2004 @09:09AM (#8915450) Journal
    The key is to make them memorable, pronouncable non-words.

    Reading a lot of science-fiction and fantasy books also helps much - especially when you can read them in some non-Western language. "Rohan" or "Alderan" will be too obvious, but "BalduryiBadubiny" won't be that easy to be crack by brute force - while it's very easy to memorize (and pronounce!) if you can read Stanislaw Lem in Polish.
  • by SgtChaireBourne (457691) on Tuesday April 20, 2004 @09:13AM (#8915488) Homepage
    sometimes I'd just ask their login name and they'd just blurt out, "My login is sueray22 and my password is newyork!"
    Most sites I've been at go to great lengths to ensure that users know never to give out their passwords for any reason. However, in one geographic area I've actually seen / heard admins ask users over the phone or via e-mail for their passwords. Nothing I could say or do could convince them that not only was that unnecessary, but a Very Bad Thing ®.

    Having volatile resources to protect, like disk quotas or print quotas, can help, but then you need to give users a fighting chance by providing constant education verbally and written as well has having a secure system. I suspect that one reason a lot of users don't take it seriously is that many (most) highly hyped "IT-Solutions" / E-Thneeds come across as Mickey Mouse.

  • by Anonymous Coward on Tuesday April 20, 2004 @09:16AM (#8915534)
    When I upgraded from dial up to broadband, the monkey at the other end of the phone asked me if I knew what my password was... well, yes, obviously.

    A few days later I received a letter confirming the upgrade, and lo-and-behold, they had felt the need to remind me what my password was. I'm not even sure if I like the fact that they can tell me what my password is but sending it through the post in plain text is just dumb.
  • /. password SSL (Score:2, Informative)

    by bstil (652204) on Tuesday April 20, 2004 @09:24AM (#8915621)
    I use one password for anything I don't really care about (/. login)

    Correct me if I'm wrong, but /. login isn't through SSL. So I wouldn't use the same password for /. as for Citibank, etc.
  • This is old news... (Score:4, Informative)

    by lewko (195646) on Tuesday April 20, 2004 @09:27AM (#8915649) Homepage
    I suspect this was a journalist looking for a creative spin on an old story. The European Infosecurity 2003 conference came to the same conclusion when it discovered workers were prepared to give away their passwords for a cheap pen [theregister.co.uk].

    It's still interesting to see that in two years of cybercrime and media frenzies that nothing has really changed...

  • by GigsVT (208848) on Tuesday April 20, 2004 @09:28AM (#8915662) Journal
    Hah, no, it means they are keeping your plain text password in a database somewhere, instead of only keeping an unreversible hash like they should.
  • by 10Ghz (453478) on Tuesday April 20, 2004 @09:39AM (#8915786)
    Are the people who will not give their password, no matter what. As "the IT-guy" I require access to just about all computers here. And yes, that includes the end-user desktops/laptops. And there are some people here who simply refuse to give me the passwords to their system! Noooo, they have to type the password themselves. And that means I have to drag them from their meetings and such just so they can log in to their machine so I could work on it!

    Hell, I have received maybe 200 passwords while working here, and I don't remember any of them. I don't keep them stored anywhere, and I don't have eidetic memory, so there's no risk. And still I hear the "I use the same password in several places, and I don't want to change all those passwords if I gave you my password!". If you are so careful when it comes to security, you shouldn't use the same password everywhere! And yes, you CAN give your password to the IT-department if they walk up to you and ask you for it. If you don't... well, we can always reset your password!

    Sheesh, some people....
  • by VertigoAce (257771) on Tuesday April 20, 2004 @10:19AM (#8916261)
    Fraternities are social organizations in college in the US. Some are coed and service oriented. What most people refer to, though, are all male and are mostly social in nature.

    Fraternity secrets would involve the procedure of becoming a member, the rituals of the house, etc. Some houses are more secretive than others.

    Watch Animal House or any other fraternity movie to get the general idea.
  • by NZheretic (23872) on Tuesday April 20, 2004 @11:33AM (#8917294) Homepage Journal
    You have got to catch the person at just the right time when they are falling asleep and it has to be an action that the person often performs in a repetitive manner. Extreme tiredness and a little alcohol about 20min before hand helps

    I have seen it done on three occasions, each time someone who has just fallen asleep ( cat/power napped ) at their desk.

  • by Lulu of the Lotus-Ea (3441) <mertz@gnosis.cx> on Tuesday April 20, 2004 @12:34PM (#8918144) Homepage
    I'd gladly give up my password to many sites for a bar of chocolate. I'd be getting a great deal. Heck, I'll tell you all now: it's "password"... or sometimes if the sites use a dictionary check, I'll go for "password1".

    A whole lot of the places I visit protect absolutely nothing of significance to me with their password. As in, maybe I can select a color scheme for a site, or similar. And for a lot of those, I know perfectly well I'll never go back to a site; I just have to do a one-time transaction. Exactly how concerned am I supposed to be that "hackers" might change my color scheme on a news website. Actually, a lot are even worse than that--like commercial newspapers (NYT and friends): I can't even change a color scheme, they just insist on me giving them demographic info. But it's a one way thing, you can't see or change it after "registration." Even if crackers -could- change how old the NYT thinks I am, why do I care about that exacty?

    Opinions of security are probably harmed by the overuse of security measures where there is self-evidently no reason to have them. Casual users get in the habit of thinking passwords are just a nuisance... even when the -do- something significant.

I don't want to achieve immortality through my work. I want to achieve immortality through not dying. -- Woody Allen

Working...