Giving Up Passwords For Chocolate
Posted by CmdrTaco on Tue Apr 20, 2004 07:18 AM
from the my-password-is-hershey dept.
RonnyJ writes "The BBC is reporting that, according to a recent survey, more than 70% of people would willingly give up their computer password in exchange for as little as a bar of chocolate. Over a third of the people surveyed even gave out their password without having to be bribed, and most indicated that they were fed up with having to use passwords."
I'd give up mine for sex! (Score:5, Funny)
(http://www.inkblotweb.com/ | Last Journal: Monday March 22 2004, @01:41AM)
I'm not sure whether (Score:5, Funny)
The second one might not be so pleasant.
Still, it's probably better than being an OpenBSD hacker and having never been rooted at all.
(and please don't mod up the karma whore who follows this going "don't stereotype geeks waa waa waa" it's a joke...laugh)
Re:I'm not sure whether (Score:5, Funny)
Re:I'd give up mine for sex! (Score:5, Funny)
Our new tablet PCs have card readers. When I worked at a Fortune 70, we found that no employee over Sr Manager level could remember a password, even if written down where they could see it. So what do you do? We just gave them a blank password. Now they could do emails and spreadsheets but not passwords.
Go figure.
Re:I'd give up mine for sex! (Score:4, Funny)
(http://www.joystick101.org/)
Re:I'd give up mine for sex! (Score:5, Interesting)
(http://www.fufme.com/)
-B
Re:I'd give up mine for sex! (Score:5, Funny)
IANAFB (Fraternity Brother)
Re:I'd give up mine for sex! (Score:5, Funny)
(http://jimthompson.org/ | Last Journal: Monday August 20 2001, @09:22AM)
Re:I'd give up mine for sex! (Score:5, Funny)
Re:I'd give up mine for sex! (Score:5, Funny)
Re:I'd give up mine for sex! (Score:5, Funny)
(http://www.jaxcare.org/ | Last Journal: Thursday March 28 2002, @09:55AM)
I worked for a small privately-held HR-and-Admin services firm, and the head honcho managed to lock himself out on a regular basis...despite the fact that his password was his flipping first name with a 1 at the end.
I never did have the guts to "hint" him with, "What's your first name, Sir? Then put your I.Q. at the end. No, not your shoe size. Your I.Q. It's gotta be one digit..."
Oh well. I had a great supervisor and I learned a lot.
GTRacer
- It's not me
Re:I'd give up mine for sex! (Score:5, Funny)
Passwords and memory (Score:5, Interesting)
(Last Journal: Friday April 27 2007, @02:20PM)
It takes less than 5 minutes to remember a new sequence, just by typing it lots of times, and I find that if I *do* forget one from (say) 6 months ago, if I put my fingers through the first 1 or 2 chars, I get the whole sequence back... Holographic memory at its best
I've found this works much better for me than what I used to do (take 2 words, reverse them, catenate them, and take the central 8 chars) - the recovery of "forgotten" passwords is much easier when I let my fingers "remember" what to do... It also allows me to give clients obviously hard-to-forge passwords and easily use them
Simon
Re:Passwords and memory (Score:5, Interesting)
(http://www.e.co.za/ | Last Journal: Tuesday May 24 2005, @01:26AM)
I have a 6 alpha char, but not-so-secret (public), password I use for all my low-risk passwords. Then I have another simple 8 alpha-num, but secret, password for all my secure sites (like Slashdot).
For high-security (Banking/root/PGP) I use a 13 character randomly generated password or two.
I would give out my not-so secret one to anyone who dares ask, and my 8 char one for an Aero milk bar...
Slashdot's a secure site? (Score:5, Funny)
(http://www.adamofgreyskull.co.uk/)
Re:Passwords and memory (Score:5, Interesting)
I go a little further than this:
Additionally, every 6 months or so I create (using a random password generator) a new password, which becomes my systems password. My systems password becomes my financial password, my financial password becomes my need-to-keep secure, and so on down...
Works for me...
Re:Passwords and memory (Score:5, Funny)
(http://swerdfeger.com/ | Last Journal: Sunday May 25 2003, @12:25AM)
Low security Internet (slashdot/monster/..etc..)
one for home (12 random key strokes)
one for finance (another 12 random key strokes)
and one for work....my own for work is "password"
anyone care to guess how much I like my job?
Re:Passwords and memory (Score:5, Insightful)
The key is to make them memorable, pronounceable non-words. You can do this using passwdgen on linux. Just set it to the number of characters, add the "pronounceable" switch and - optionally - the "non alphanumeric characters" switch and you'll have something that is very secure yet easy for YOU to recall.
Further, what a bunch of whiney fucks. "Boo hoo, I have to use passwords. Boo hoo, I have to use a key to open my car door, house, bank deposit box, home safety, glove compartment, trunk. Boo hoo, I have to turn the knobs on doors and open them before walking into a building or home or car."
Come on people.
Re:Passwords and memory (Score:5, Insightful)
(http://masterdev.dyndns.dk/drslog | Last Journal: Thursday April 19 2007, @02:20PM)
As we learned in Econ 101, it probably comes down to value. Most people do not ascribe value to computer security; they see it as "something the IT guys make us do." Example: walk into any small shop and check out their security. It has been my experience that all passwords are taped to the monitor more times than not, or you can just ask the admin for them.
On the other hand, people ascribe much more value to the security of their home and/or car.
Re:Passwords and memory (Score:5, Insightful)
(http://www.everythingfreight.com/)
True, but does turning a key force you to remember a complex stored memory? Nope.
Re:Passwords and memory (Score:5, Funny)
(http://go.away/)
Finding my keys does...
Re:Passwords and memory (Score:5, Informative)
http://sourceforge.net/projects/passwordsafe/
Re:Passwords and memory (Score:5, Funny)
I just changed all my passwords to 'passwordsafe'. They seem to work just as well as all those hard-to-remember passwords I had before. That is what you meant, isn't it?
Re:Passwords and memory (Score:4, Interesting)
No guarantees as to how secure it is. So far I haven't found any problems with it.
Re:Passwords and memory (Score:5, Interesting)
(http://slashdot.org/)
I couldn't have told them my care-about passwords anyway though - I don't remember them, I just remember how to type them in.
I do the same thing. I base my passwords on a pattern of keys on the keyboard. I was haplessly surprised earlier this year while I was on vacation in Europe, when I realized that the keyboard on the hotel terminal had a different key mapping than the one I based my password on! :-( It took me several minutes just to remember what all the keys would have been on a US keyboard and then alter my pattern just to be able to type in my password...
Yes, I know I probably could have changed the key mapping in the operating system, but it was a Windows machine, and I only know how to use xmodmap.
Also over 30% will just tell you..... (Score:3, Interesting)
(http://troc.xs4all.nl/ | Last Journal: Sunday October 26 2003, @07:00PM)
Troc
Re:Also over 30% will just tell you..... (Score:5, Interesting)
They should have tried doing the survey by knocking on people's front doors and asking them. I bet significantly fewer people would tell them then, because they would realise there was a much greater chance that the divulged information could actually be used.
I am sure that somewhere in my town, there is a computer with the Windows login "Administrator", with password set to "password". Now in order for that information to be useful I still need to find that computer. (The only likely way is brute force scanning, which, by extension could be applied to the password cracking anyway.)
Clearly, if the attacker was more malicious and started following you, etc they could get this information. However, most people will assume that no one else actually has a major reason to be interested in their PC or indeed downloading their pr0n collection. This is part of the reason why Joe Public does have such strong feelings about spyware as the average slashdotter.
Wait a minute (Score:5, Insightful)
(http://www.jgc.org/ | Last Journal: Friday August 22 2003, @11:31AM)
So people can just make it up.
Yes Mr "Researcher" if offered chocolate 79% of people can think of a random word.
Big deal,
John.
Re:Wait a minute (Score:5, Insightful)
(http://www.gh-sts.com/HOWTO | Last Journal: Tuesday November 01 2005, @09:39PM)
Depends what type of password they're asking for. I can imagine my boss giving up some of his real passwords for a bribe because he thinks "big deal... that one's not protecting anything sensitive anyway". Except, that comes down to him not understanding that whole "weakest link in the defenses" problem. Yea, maybe THAT password isn't, but what does that give a malicious user access to that could be abused elsewhere? What apps level attacks are we now vulnerable to? What databases could be stolen? Could the attacker now impersonate you to get more information from other people?
Management and business types, and of course home users, don't think security is a big complex model. They think "oh, we have a firewall... we're safe" and that's the end of it.
Re:Wait a minute (Score:5, Interesting)
(http://www.gh-sts.com/HOWTO | Last Journal: Tuesday November 01 2005, @09:39PM)
There's a difference between having a sysadmin that's insane and having one that understands reasonable protections based on the content being protected and the overall position of the system in question. If a single compromise could result in a $200 million dollar loss of sensitive information, maybe forcing people who access that info to use a 12 character password that's not vulnerable to a dictionary attack isn't such a bad idea, hmm?
Yet, I see it all the time: some stupid suit thinks they know better and wants to be exempt from the policy. Dysfunction exists at every level, but when it runs rampant in people with authority, you have a real problem. What amazes me is that the excuse from these boneheads is always the same when something goes wrong: "well, I'm a MANAGER, I handle BUSINESS DECISIONS. You don't expect me to understand your technical mumbo jumbo, do you!?"
Uh, no dumbass.... I expect you to sit back, STFU, and let me do my job. You HIRED me to do this so you didn't HAVE to understand the technical mumbo jumbo... remember?
I'm sure not all management is like this, but from my vantage point, most of it is. It's so much easier for them to point fingers after the shit hits the fan than it is to sit down and work with the technical people from the start, I suppose. This whole story is probably a good example of that. I tried to get these bozos to pay for some of our front line people to take classes on preventing social engineering attacks. Something like 90 people would have been enrolled to the tune of $25K. They refused. So, to make my point, I told my buddy to get into the veep's office. Sure as all hell, he did it without raising any eyebrows... they thought it was a "cute trick" and still didn't sign anyone onto the class because they don't think anyone would ever try it with us. I then tried to point out that while WE might not have anything particularly valuable, we do act as interface to a much larger International that DOES have a lot of valuable assets that competitors and crooks would love.. no dice. Idiots, says I. Idiots. They hire people to do things they don't understand, then tell them how to do it anyway. That's like hiring a builder to build your house, then hanging over them all the time and telling them they're doing it wrong.
Re:Wait a minute (Score:5, Interesting)
(http://slashdot.org/ | Last Journal: Friday October 01 2004, @07:19AM)
Sadly, I doubt they will ever realise how worthless their surveys are, after all the NYT still hasn't got the message after about a billion fake login names.
Re:Wow... I mean... wow... (Score:5, Interesting)
(http://timgray.blogspot.com/)
here they added the restriction that your password cannot contain any characters that can be typed at the keyboard... oh and you can't use any of your last 50 passwords.
Ok, so I'm kind-of joking... but their stupidity at corporate to make passwords insanely complex has weakened computer security as most users now have their password (and the last 20 or so) written down under their desk blotter, in the drawer or even on a post-it on the monitor...
Oh and corporate's extreme wisdom has the last four of your SSN in your user ID, and they use that same 4 digits to verify who you are to tech support lines...
so basically they, through extremely stupid decisions have significantly weakened the network and computer security here to the point that it is a gigantic joke.
yay for MIS directors that have no clue!
Pork Rinds! (Score:5, Funny)
This doesn't surprise me at all... (Score:5, Funny)
(Last Journal: Tuesday September 23 2003, @01:46PM)
Punk: Okay, you say you can't get the NVidia card to work in Red Hat. Let's go to the NVidia site and download--
Dude: My root password is money45!
Punk: [dope smack] NEVER DO THAT AGAIN!
Even back in the days I did call support for an ISP, sometimes I'd just ask their login name and they'd just blurt out, "My login is sueray22 and my password is newyork!"
Re:This doesn't surprise me at all... (Score:5, Interesting)
Even back in the days I did call support for an ISP, sometimes I'd just ask their login name and they'd just blurt out...
My ISP always asks me what my password is. I've explained to them many times that it gets people into a bad habit and that I have to repeatedly tell my end users to NEVER give out passwords to anyone, even me. After several times, they finally said, "I'll make a note in your account to not ask for your password."
Idiots.
Re:This doesn't surprise me at all... (Score:4, Informative)
(Last Journal: Saturday June 30, @01:22AM)
Re:This doesn't surprise me at all... (Score:4, Insightful)
If you worked for me, you would not get an opportunity to do this a second time. Sanctioning the offender is fine, but costing the company 5 months' worth of work is not.
Re:This doesn't surprise me at all... (Score:5, Funny)
(http://slashdot.org/ | Last Journal: Friday November 16, @12:15AM)
Me: Now I need you to log in, please, using your account and password.
They: OK, that's M459465, uhh... k-e-v-i-n-2-1. There. I'm in!
Me: sigh.
Re:This doesn't surprise me at all... (Score:5, Funny)
(Last Journal: Tuesday May 08 2007, @05:37PM)
First thing he did was accidentally posting his root-pw in an irc channel with 2600 users. Damn fine password it was =)
Uh ... yeah I'll tell you my password. (Score:5, Funny)
Oh, wait. You wanted my REAL password? Well, that'll cost you another chocolate bar. Of course I'll give you my real password this time. Would I lie to you?