Chocolate No Longer As Effective In Separating Men From Their Passwords?
from the fun-with-statistics,-headlines-and-chocolate dept
There are a bunch of headlines today about the fact that people will give up their passwords in exchange for some chocolate, but most of the reports seem to be missing the point. Similar studies have been conducted for years. Four years ago, we saw an almost identical study. Other studies have shown that people will give up their passwords for a ballpoint pen or chance to win theater tickets. None of this really proves very much. The "chocolate" hook is really just for generating headlines. After all, a similar study showed that people would give up private data if you just ask nicely. Chocolate may have nothing to do with it.
In reality, though, the interesting part of this chocolate story is the fact that the number of people who give up their password for chocolate is way down this year compared to the same study last year. Last year 64% gave up their password, whereas this year only 21% did. That's a huge difference, and should make you question the methodology. It certainly sounds like the results could depend very much on how persuasive the questioner is. Hire someone who's a good social engineer, and the numbers go up. For the same reason, I wouldn't give very much credence to the other headline coming out of this study that women are more likely than men to hand over their passwords. Again, without testing it under identical circumstances, it's tough to determine that for sure. A good social engineer will be able to get passwords out of plenty of people, whether using chocolate, a ballpoint pen or just plain sweet talk.
Reader Comments (rss)
(Flattened / Threaded)
I'll bet sex still works by Haywood on Apr 16th, 2008 @ 3:16pm
at least on men
(reply to this comment) (link to this comment)
by Anonymous Coward on Apr 16th, 2008 @ 3:19pm
I'd be more likeley to give up my password for a women then a women would give up her password for me.
(reply to this comment) (link to this comment)
Re: I'll bet sex still works by blacjack on Apr 16th, 2008 @ 3:21pm
Nope, we're talking computer folk's not construction works....
(reply to this comment) (link to this comment)
Re: Re: I'll bet sex still works by CVPunk on Apr 16th, 2008 @ 3:30pm
Computer folk's?? You mean geeks? so...free porn and a new HDD would probably work?
(reply to this comment) (link to this comment)
you're right by Haywood on Apr 16th, 2008 @ 3:30pm
With them they only have to have to bat their eyes and let it seem a possibility.
(reply to this comment) (link to this comment)
ok by Napacab on Apr 16th, 2008 @ 3:45pm
my password is &$#^)):-)
(reply to this comment) (link to this comment)
Are you cute? by Dave on Apr 16th, 2008 @ 3:46pm
I'll show you my password if you show me yours..
(reply to this comment) (link to this comment)
by Jack Sombra on Apr 16th, 2008 @ 4:19pm
"Last year 64% gave up their password, whereas this year only 21% did. That's a huge difference, and should make you question the methodology."
While i do not deny there are huge questions about the methodology i would be susprised if there was not some kind of large drop. People are slowly but surely becomeing more IT security aware, be it passwords, identity theft or big companys/government losing your data, bearly a day pass's by where their is not something related to these in the news/press.
People are stupid, but if you repeat something enough times they do eventually learn something and stop falling for the most obvious scams
But that said a good social engineer will always have a good success rate because they are not so obvious as "hey i will give you some chocolate if you give me your password"
(reply to this comment) (link to this comment)
Social Engineering... Just being good at fibbing by Crazy Turk on Apr 16th, 2008 @ 4:23pm
It's amazing how much people are willing to believe and how many people are blindly trusting even to strangers. If your really good at it, you can even get people to believe something that they didn't even believe in the first place or better yet stood against for many many years. It's not just a co-incidence though that the best fibbers also make the best social engineers...
Hack the Planet... or at least it's people
(reply to this comment) (link to this comment)
by p@55w0rd on Apr 16th, 2008 @ 4:24pm
And how many of those "givenup" passwords were legitimate ?
(reply to this comment) (link to this comment)
by Chad on Apr 16th, 2008 @ 4:42pm
Maybe everyone is just a little smarter with all the credit card fraud, identity theft and similar things that are in the news now. Certain grocery store chains (cough, Hannaford, cough) loosing millions of credit cards #'s and info. to a hacker. Great site by the way, love reading it.
(reply to this comment) (link to this comment)
Ha by Tom The Toe on Apr 16th, 2008 @ 5:24pm
I'll give 'em my password. Without the user ID or login name it's still just a word
(reply to this comment) (link to this comment)
Re: Re: Re: I'll bet sex still works by Anonymous Coward on Apr 16th, 2008 @ 6:21pm
How about a tank of premium gas, or a few bottles of Balvenie?
(reply to this comment) (link to this comment)
by Pete on Apr 16th, 2008 @ 6:49pm
lawl
(reply to this comment) (link to this comment)
by Peter on Apr 16th, 2008 @ 11:32pm
I would give up my password for a new macbook air :-)
(reply to this comment) (link to this comment)
Re: Re: Re: I'll bet sex still works by Anonymous Coward on Apr 17th, 2008 @ 12:07am
LOL HDD...SSD maybe. SSD with porn, ill give you any password you want!
(reply to this comment) (link to this comment)
by Rekrul on Apr 17th, 2008 @ 1:40am
First, I'd ask why they wanted the password, then I'd give them a fake one and take the chocolate. Only if it was good chocolate though, if it was Hershey, they can keep it.
(reply to this comment) (link to this comment)
Re: by wolfy on Apr 17th, 2008 @ 3:42am
Woman - singular Women - plural
(reply to this comment) (link to this comment)
I've always been curious by Ferin on Apr 17th, 2008 @ 4:51am
Do they ever check to see if they got a the correct password? Is this just an honor system thing? I mean, I'll give you a password for a chocalate bar, but it sure as hell won't be my real password.
(reply to this comment) (link to this comment)
My password by Anonymous Coward on Apr 17th, 2008 @ 6:38am
Yes... my password is... tater salad
(reply to this comment) (link to this comment)
totally rigorous research by ummm, no on Apr 17th, 2008 @ 7:02am
All this tells me is that 21% of people are smart enough to give a researcher a fake password in exchange for free chocolate. What a stupid and flawed study.
(reply to this comment) (link to this comment)
Not enough info by Alimas on Apr 17th, 2008 @ 7:33am
That article isn't really surrendering enough information on how the study was done to be able to garner its validity.
(reply to this comment) (link to this comment)
by George Costanza on Apr 17th, 2008 @ 12:03pm
Bosco
(reply to this comment) (link to this comment)
by pony on Apr 18th, 2008 @ 2:38am
my password is ********, now wheres my chocolate
(reply to this comment) (link to this comment)
Stop I'm About To Pee My Pants by Giengus on Apr 25th, 2008 @ 7:35am
Oh, you want a legit password? OK, here it is. Hand over the SSD with Porn now! Thank you. BTW, that password I gave you? Yeah I'm changing it now.
(reply to this comment) (link to this comment)
Add Your Comment