Monday, October 20, 2008

Women more likely to give up passwords for chocolate

As always, the user is the weakest link in the security of the system. It is generally much easier to get a password and user name directly from someone with secure or privileged access than it is to hack or crack the system. This is pretty basic social engineering, and something we all need to be constantly on the lookout for. I was recently cleaning up my email inbox when I came across this article from April in The Register, where their research showed that women are four times as likely as men to give out a password if chocolate is offered in exchange. Four times. I could never have imagined how something so delicious could so easily be put to such a sinister purpose. *sigh*


  1. I can't help but find these tests amusing; I'm no chocolate fiend, but I can still remember my usernames and passwords on some systems which I know were decommissioned over a decade ago, so I could readily provide one of those and get some free chocolate at no risk to my data.
    Now, they need to see how much more likely men are than women to divulge their username and password when offered beer ;-).

  2. As Bruce Schneier noted, since the methodology of the test was never published, how do we know that the people gave out their real passwords? If someone offered me chocolate (in a manufacturer's sealed package of course) in exchange for my password, I wouldn't give them my real password, but I might be willing to make one up.