Money for nothing but the choc’s for free
This year’s Information Security Awareness week starts on 21st April and to highlight its approach, the organisers of a corresponding IT industry trade show, Infosecurity Europe, have carried out their annual survey and once again found that a lot of people really couldn’t care less about their computer passwords - or, as The Inquirer helpfully puts it, "Women give out passwords for chocolate - Just imagine what they’ll do for jewellery"…
>headdesk<
Office workers outside Liverpool Street Station in London were "asked to give strangers, posing as market researchers, their email password, in return for a chocolate bar". And apparently 45% of the women quizzed were happy to oblige, as opposed to 10% of men.
Once you get past the cliched headlines, and the fact that this seems to have been more of a straw poll than any particular piece of scientific research, there is actually a serious underlying point - although it applies regardless of gender - which is that giving away personal information to strangers who look respectable, regardless of what it’s in exchange for, leaves one exposed to the risk of identity theft.
But I’ll tell you this for nothing: I’d want a huge bar of really good quality chocolate for my password. About the size of the Isle of Wight, I reckon…
Posted by Helen G on 16 April 2008, at 5:00 PM | Comments (15)
Have your say
In order to keep this blog as a feminist and friendly space, comments will be subject to some rules. We do not seek to censor debate: the beauty of the internet is that anyone can set up their own blog or website to express their views.
- This blog is a safe and friendly space for feminists and feminist allies. Debate and critique are welcome where it is constructive and deepens analysis or understanding. Anti-feminist comments will not be approved. We get to decide what's anti-feminist.
- All comments must be approved by one of the bloggers. For this reason, there may be a delay before your comment appears.
- No sexist, racist, homophobic, transphobic, classist, ablist comments, comments which make personal attacks on any blogger or commenter, or comments that are otherwise deemed offensive by us will be posted.
- Trolls will be banned from commenting. We get to decide who is a troll.
- No anonymous comments - please feel free to use your real name or make one up, though.
- Be nice.
Feeds
Mary said:
But surely any clear thinking person would just give a false password and nab the chocolate! Not a very conclusive bit of research...
Posted on 16 April 2008 at 5:11 PM
Jess said:
So. annoying! Why do people even do this 'research'?!
Posted on 16 April 2008 at 6:07 PM
Anne Onne said:
Heh. People DO find it harder to say no to anybody with an air of authority, but giving out passwords to random researchers? I can't quite believe it.
I'm trying to work out whether I'd be dishonest enough to five a fake password to nab free chocolate. Nah, I'm not that into freebies given away on the street (too paranoid, I guess), and I would be VERY suspicious of anybody asking for passwords.
Besides, since it doesn't look like they checked if the passwords are genuine, can they really draw ANY conclusions from this?
Yeah, educating people about internet safety is very important, but this research is pretty useless.
Posted on 16 April 2008 at 7:36 PM
Helen G said:
I agree that the methodology leaves much to be desired, but the point is valid. People generally are far too relaxed about giving out this kind of information.
The web came into being as a way of sharing information, and implementing and maintaining data security is hard enough for any organisation without users handing out passwords to random strangers on the street.
I wonder how many of those interviewed would have told the interviewer the PIN of their credit/debit cards...
/soapbox
Posted on 16 April 2008 at 7:45 PM
Cruella said:
Did anyone bother to check whether the women gave their ACTUAL passwords. I know would instantly go "Oh sure, it's Tuesday24 thanks very much" and head along eating choccie. I suspect very few gave their actual password.
Posted on 16 April 2008 at 8:02 PM
painless said:
question: if the people who gave their password didn't also give out their email address - or information that could lead the questioner to their email address - (which might be quite hard if it's not theirname@whatever.com) then maybe the people who shared were thinking, well, what will they do with it?
Posted on 16 April 2008 at 9:33 PM
betsy said:
I probably would be dishonest enough to make up a password to get chocolate, especially since (in such a situation) my mind immediately thinks "they're trying to steal my emails, and my paypal, and my ebay, and get onto my FACEBOOK".
Somehow the facebook thing is the most worrying...
Posted on 16 April 2008 at 9:46 PM
Helen G said:
The Register adds that "[the] researchers also asked for workers' names and telephone numbers, ostensibly so they could be entered into a draw to go to Paris". Dates of birth were also requested.
In my view, it is not so much a question of the researchers scurrying off to the nearest Starbucks, laptops and password lists in hand, to try and hack somebody's Gmail account; it is about pointing out how much personal information people will give away without thinking - information which could be potentially very useful indeed to anyone planning ID fraud.
Bearing in mind the amount of data lost by various government departments on laptops and CDs, etc - and the amount of personal information posted on social networking sites like FaceBook, one might have hoped that people would be a little more circumspect - but maybe it was just really nice chocolate on offer...
Posted on April 16, 2008 9:50 PM
Helen G said:
So you wouldn't trust them with your password - but you would trust them not to have tampered with the chocolate?
Yeah, I know, I'm completely paranoid...
Posted on April 16, 2008 9:55 PM
Lindsey said:
I would totally fake it for freebies!
Which sounds awful out of context. But many years of freshers fairs with clubs asking for email addresses in exchange for goody bags and me going 'yes and I'll just add my five friends too' and making up a load seems to have trained me into this habit.
Posted on 17 April 2008 at 8:59 AM
Catherine Redfern said:
Just had to say that this post has the greatest title ever.
Posted on 17 April 2008 at 12:10 PM
Samara Ginsberg said:
A few years ago a marketing guy with a clipboard offered me a free packet of Maltesers in return for my mobile number. I gave him a fake number and bagged the chocolate. It was particularly delicious for having been obtained by devious means.
Posted on April 17, 2008 2:08 PM
Cara said:
I would definitely have made up the password. And any other details - name, phone number, date of birth - any or all of those could be made up.
I got one of those coupons in a magazine for a discount on shoes...filled it in with fake e-mail address as I didn't want constant spam...no problem, 20% off shoes. Yay. (Not that I am obsessed with shoes or anything).
Posted on 17 April 2008 at 5:52 PM
Cruella said:
I have been advised when the marketers come round your local pub/club handing out free cigarettes - in return for a signature confirming you are a smoker aged over 18 - don't sign these with your real name.
I heard from suitably paranoid sources that often people who don't smoke sign up thinking they'll get free ciggies and give them to their smoker friends, but that then the lists are sold on to health insurance companies who increase your premiums because they think you smoke...?!
Maybe just paranoia. But I'm paranoid enough to put a false name and signature.
Posted on 17 April 2008 at 5:57 PM
Feminist Avatar said:
Having spent the last eight years on a uni campus where giveaways for email addresses are de rigeur, I quite happily create my 'personal details' for each promo.
Posted on 19 April 2008 at 7:12 PM