RSS
Twitter
Chocolate No Longer As Effective In Separating Men From Their Passwords?
from the fun-with-statistics,-headlines-and-chocolate dept
There are a bunch of headlines today about the fact that people will give up their passwords in exchange for some chocolate, but most of the reports seem to be missing the point. Similar studies have been conducted for years. Four years ago, we saw an almost identical study. Other studies have shown that people will give up their passwords for a ballpoint pen or chance to win theater tickets. None of this really proves very much. The "chocolate" hook is really just for generating headlines. After all, a similar study showed that people would give up private data if you just ask nicely. Chocolate may have nothing to do with it.
In reality, though, the interesting part of this chocolate story is the fact that the number of people who give up their password for chocolate is way down this year compared to the same study last year. Last year 64% gave up their password, whereas this year only 21% did. That's a huge difference, and should make you question the methodology. It certainly sounds like the results could depend very much on how persuasive the questioner is. Hire someone who's a good social engineer, and the numbers go up. For the same reason, I wouldn't give very much credence to the other headline coming out of this study that women are more likely than men to hand over their passwords. Again, without testing it under identical circumstances, it's tough to determine that for sure. A good social engineer will be able to get passwords out of plenty of people, whether using chocolate, a ballpoint pen or just plain sweet talk.
Reader Comments
(Flattened / Threaded)
I'll bet sex still works
at least on men
(reply to this comment) (link to this comment)
Re: I'll bet sex still works
Nope, we're talking computer folk's not construction works....
(reply to this comment) (link to this comment)
Re: Re: I'll bet sex still works
Computer folk's?? You mean geeks? so...free porn and a new HDD would probably work?
(reply to this comment) (link to this comment)
Re: Re: Re: I'll bet sex still works
How about a tank of premium gas, or a few bottles of Balvenie?
(reply to this comment) (link to this comment)
Re: Re: Re: I'll bet sex still works
LOL HDD...SSD maybe. SSD with porn, ill give you any password you want!
(reply to this comment) (link to this comment)
you're right
With them they only have to have to bat their eyes and let it seem a possibility.
(reply to this comment) (link to this comment)
I'd be more likeley to give up my password for a women then a women would give up her password for me.
(reply to this comment) (link to this comment)
Re:
Woman - singular Women - plural
(reply to this comment) (link to this comment)
ok
my password is &$#^)):-)
(reply to this comment) (link to this comment)
Are you cute?
I'll show you my password if you show me yours..
(reply to this comment) (link to this comment)
"Last year 64% gave up their password, whereas this year only 21% did. That's a huge difference, and should make you question the methodology."
While i do not deny there are huge questions about the methodology i would be susprised if there was not some kind of large drop. People are slowly but surely becomeing more IT security aware, be it passwords, identity theft or big companys/government losing your data, bearly a day pass's by where their is not something related to these in the news/press.
People are stupid, but if you repeat something enough times they do eventually learn something and stop falling for the most obvious scams
But that said a good social engineer will always have a good success rate because they are not so obvious as "hey i will give you some chocolate if you give me your password"
(reply to this comment) (link to this comment)
Social Engineering... Just being good at fibbing
It's amazing how much people are willing to believe and how many people are blindly trusting even to strangers. If your really good at it, you can even get people to believe something that they didn't even believe in the first place or better yet stood against for many many years. It's not just a co-incidence though that the best fibbers also make the best social engineers...
Hack the Planet... or at least it's people
(reply to this comment) (link to this comment)
And how many of those "givenup" passwords were legitimate ?
(reply to this comment) (link to this comment)
Maybe everyone is just a little smarter with all the credit card fraud, identity theft and similar things that are in the news now. Certain grocery store chains (cough, Hannaford, cough) loosing millions of credit cards #'s and info. to a hacker. Great site by the way, love reading it.
(reply to this comment) (link to this comment)
Ha
I'll give 'em my password. Without the user ID or login name it's still just a word
(reply to this comment) (link to this comment)
lawl
(reply to this comment) (link to this comment)
I would give up my password for a new macbook air :-)
(reply to this comment) (link to this comment)
First, I'd ask why they wanted the password, then I'd give them a fake one and take the chocolate. Only if it was good chocolate though, if it was Hershey, they can keep it.
(reply to this comment) (link to this comment)
I've always been curious
Do they ever check to see if they got a the correct password? Is this just an honor system thing? I mean, I'll give you a password for a chocalate bar, but it sure as hell won't be my real password.
(reply to this comment) (link to this comment)
My password
Yes... my password is... tater salad
(reply to this comment) (link to this comment)
totally rigorous research
All this tells me is that 21% of people are smart enough to give a researcher a fake password in exchange for free chocolate. What a stupid and flawed study.
(reply to this comment) (link to this comment)
Not enough info
That article isn't really surrendering enough information on how the study was done to be able to garner its validity.
(reply to this comment) (link to this comment)
Bosco
(reply to this comment) (link to this comment)
my password is ********, now wheres my chocolate
(reply to this comment) (link to this comment)
Stop I'm About To Pee My Pants
Oh, you want a legit password? OK, here it is. Hand over the SSD with Porn now! Thank you. BTW, that password I gave you? Yeah I'm changing it now.
(reply to this comment) (link to this comment)
Add Your Comment