What is your identity worth?

What would make you tell someone your user name and password?

A new study by Symantec suggests that £5 (around $10) is enough to convince most people. From Sky News:

“In a survey, almost 60% of people were prepared to divulge their computer password when asked by a stranger in the street.

Forty-five percent revealed they used either (sic) their birthday, their mother's maiden name or the name of their pet as a password.

The survey was an experiment by internet security firm Symantec to test just how much personal data people would give up.”

I can’t say that I am much surprised. In the past, people have been known to give up their passwords for as little as a chocolate bar and we are not even talking about good chocolate here. These are the users of the systems that we design or install. Is anyone else thinking that two factor authentication doesn’t seem all that expensive anymore?

All that said, there is a dark and cynical part of me that wonders. If someone asked me for my password in exchange for a reward, I would gladly tell them. It wouldn’t be my real user name or my real password though. I would be very, very interested in finding out who was asking the questions. I would also be reluctant to eat candy from strangers.

Nobody ever said that working in security made you a nicer person.

Oh, I know that this is not about the anatomy of hacks. I caught a (biological) virus over the weekend and that has rather thrown off my plans.

Signing off,

Mark Long, Digital Looking Glass