Office Workers Willing To Leak Passwords for Chocolate

Almost three quarters of office workers in an impromptu man-on-the-street survey were willing to give up their passwords when offered the bribe of a chocolate bar.

April 19, 2004

5 Min Read
Network Computing logo

Almost three quarters of office workers in an impromptu man-on-the-street survey were willing to give up their passwords when offered the bribe of a chocolate bar.

The organizers of the conference Infosecurity Europe 2004 plan to announce on Tuesday that they surveyed office workers at Liverpool Street Station in England, and found that 71 percent were willing to part with their password for a chocolate bar.

The survey also found the majority of workers would take confidential information with them when they change jobs, and would not keep salary details confidential if they came across the details.

Some 37 percent of workers surveyed immediately gave their password. If they initially refused, researchers used social engineering tactics, such as suggesting that the password has to do with a pet or children's name. An additional 34 percent revealed their passwords at that point.

The company said: "Of the 172 office workers surveyed many explained the origin of their passwords, such as 'my team - Spurs,' 'my name - Charlie,' 'my car -minicooper,' 'my cat's name - Tinks.' The most common password categories were family names such as partners or children (15%), followed by football teams (11%), and pets (8%). The most common password was 'admin.' One interviewee said, 'I work in a financial call center, our password changes daily, but I do not have a problem remembering it as it is written on the board so that every one can see it.... I think they rub it off before the cleaners arrive."The survey also found:

- 53 percent of users said they would not give their password to a telephone caller claiming to be calling from their IT department.

- Four out of 10 knew their colleagues' passwords.

- 55 percent said they'd give their password to their boss.

- Two thirds of workers use the same password for work and for personal access such as online banking and web site access.- Workers used an average of four passwords, although one systems administrator used 40 passwords, which he stored using a program he wrote himself to keep them secure.

- 51 percent of passwords were changed on a monthly basis, 3 percent changed passwords weekly, 2 percent daily, 10 percent quarterly, 13 percent rarely and 20 percent never.

- Many workers who regularly had to change their passwords kept them on piece of paper in their drawers, or stored on Word documents.

129897 18902118 Feature Vincent A Randazzese, Server Pipeline

2004-04-19T20:00:00Z 2004-04-19T20:00:00Z 2004-04-19T20:00:00Z

The StorageWorks NAS 2000 is an easy-to-deploy model designed for customers with storage and server consolidation needs at either the departmental or remote office level. Network Computing Networking & Mgmt

Data Networking & Management,Other

Network Attached Storage (NAS), for the most part, comprises a hand full of hard drives, enclosed in a rack-mountable case with a customized operating system. Although NAS has made tremendous strides beyond that recently, a reoccurring problem with many of the NAS boxes out there is that they are pieced together with different hardware components and proprietary software, which really do not co-exist well when smashed together. Many times this mix and match method hinders performance and serviceability. Down the road this presents an unfavorable outcome many organizations can ill afford to have.

HP's StorageWorks 2000s is the exception. It is a NAS device built on proven ProLiant server technology. Incorporating the ProLiant technology underneath the covers of the NAS hardware offers many of the specialty management tools like Integrated Lights-Out and Insight Manager, which help maintain a high level of quality service.

The 2U-high rack-mountable unit starts at about $8,300 and that is with 587Gbytes of storage attached to it. It is a product that can be grown to 27Tbytes if needed. It is a standalone appliance that has quite a bit of scalability from a storage perspective. HP StorageWorks 2000s is a mid range NAS device that runs an Intel Xeon 3.06GHz processor, which also has the option to run a second Xeon processor. It starts with one Gbyte of memory and can be expanded up to six Gbytes. It comes with two Gigabyte NICs and runs on Microsoft Windows Storage Server 2003, a derivative of Windows Server 2003, but it is an OS optimized specifically designed for NAS devices. HP modified the GUI by adding some additional capabilities revolving around cluster management and managing HP disk arrays. The company really offers some value add to their boxes with these management features, which are typically found in higher end HP SAN boxes, like the 4000s and 9000s.One thing that HP has done is that they tried to make it is as easy as possible to get the box up and running, so that folks can get file sharing going within minutes rather than hours. VARs servicing customers who are in desperate need of storage capacity can really take advantage of the easy deployment and reap the rewards. Integration with existing networks is straightforward and allows for on-the-fly installation. Out of the box, the unit includes support for Windows, UNIX, Linux, Novell, Macintosh, FTP and HTTP. Integrators will find setup of the unit a breeze. After plugging the unit into the network, an installer uses the browser, to find the unit and launch the browser-based configuration menu. Network administration, user access, and storage configuration are all easily managed through the NAS GUI. Solution providers should seriously consider the device for use in Windows-based networks. The unit's ability to integrate with Windows servers and the commonality of the interface make the NAS device an ideal storage solution for those networks.

Lastly, the box ships with a quick restore DVD in the event of some unfortunate mishap. If a customer is suffering from a worst case scenario and there is no way to recover the box, at least there is a way to recover it to the factory default.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
More Insights