Giving Up Passwords For Chocolate

CmdrTaco posted more than 10 years ago | from the my-password-is-hershey dept.

Security 710

RonnyJ writes "The BBC is reporting that, according to a recent survey, more than 70% of people would willingly give up their computer password in exchange for as little as a bar of chocolate. Over a third of the people surveyed even gave out their password without having to be bribed, and most indicated that they were fed up with having to use passwords."

710 comments

I'd give up mine for sex! (5, Funny)

walter_kovacs (763951) | more than 10 years ago | (#8915036)

Yes, I am that desperate.

Re:I'd give up mine for sex! (0)

PepsiProgrammer (545828) | more than 10 years ago | (#8915067)

Stupid users. Listen to policy.

Re:I'd give up mine for sex! (3, Funny)

Anonymous Coward | more than 10 years ago | (#8915114)

> I'd give up mine for sex!

Hey! That's my password for my root account too. (Except I don't have spaces.)

No-one has cracked my computer yet, so I know it must be a good password.

I'm not sure whether (5, Funny)

Anonymous Coward | more than 10 years ago | (#8915165)

you realise that such a deal will ensure your getting rooted twice?

The second one might not be so pleasant.

Still, it's probably better than being an OpenBSD hacker and having never been rooted at all.

(and please don't mod up the karma whore who follows this going "don't stereotype geeks waa waa waa" it's a joke...laugh)

Re:I'm not sure whether (0)

Anonymous Coward | more than 10 years ago | (#8915183)

don't stereotype geeks, waa waa waa

Re:I'd give up mine for sex! (5, Funny)

AppyPappy (64817) | more than 10 years ago | (#8915167)

A guy on my hall gave up his fraternity secrets for sex.


Our new tablet PCs have card readers. When I worked at a Fortune 70, we found that no employee over Sr Manager level could remember a password, even if written down where they could see it. So what do you do? We just gave them a blank password. Now they could do emails and spreadsheets but not passwords.


Go figure.

Re:I'd give up mine for sex! (2, Funny)

Hogwash McFly (678207) | more than 10 years ago | (#8915182)


I'd also give mine up for love.
Maybe also for a secret.
Hell, I'd also do it for God.
Although not necessarily in that order.

Re:I'd give up mine for sex! (1, Funny)

eclectro (227083) | more than 10 years ago | (#8915192)

> Yes, I am that desperate.

If you're that desperate, [google.com] I think it's pretty safe to say that you are not going to get any chocolate either.

Re:I'd give up mine for sex! (5, Funny)

Anonymous Coward | more than 10 years ago | (#8915193)

Cool. I'll bring the goat around about 7pm.

fp (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8915037)

fp

Re:fp (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8915136)

You fail it. By order of hfis, you must die.

Hail the GNAA!

XXXXXXXXXXXXX-------------XXX
XXXXXXXXXXXXX-------------XXX
------------------XXX-------------XXX
------------------XXX-------------XXX
------------------XXX-------------XXX
XXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXX
XXX-------------XXX----------
XXX----HFIS---XXX----------
XXX-NOSTRUMXXX----------
XXX-----REX---XXXXXXXXXXXXX
XXX------------XXXXXXXXXXXXX

EXTOLLO HFIS NOSTRUM REX
HFIS VALIDUS!
HFIS POTENS!
HFIS INFLAMMATIO!
HFIS VESTRUM REX!

Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)

Passwords and memory (4, Interesting)

Space cowboy (13680) | more than 10 years ago | (#8915040)

I use one password for anything I don't really care about (/. login, LWN login, etc.) and different ones for systems I do care about (webservers, mx machines, client machines etc). I couldn't have told them my care-about passwords anyway though - I don't remember them, I just remember how to type them in. If I have to tell someone, I have to go through the process of mentally "typing" the word - complete with shift keys etc...

It takes less than 5 minutes to remember a new sequence, just by typing it lots of times, and I find that if I *do* forget one from (say) 6 months ago, if I put my fingers through the first 1 or 2 chars, I get the whole sequence back... Holographic memory at its best :-)

I've found this works much better for me than what I used to do (take 2 words, reverse them, catenate them, and take the central 8 chars) - the recovery of "forgotten" passwords is much easier when I let my fingers "remember" what to do... It also allows me to give clients obviously hard-to-forge passwords and easily use them :-)

Simon

Re:Passwords and memory (2, Interesting)

JoScherl (228091) | more than 10 years ago | (#8915080)

For important things, like Login to a remote system or something I use the first letters of the first sentence that comes to my mind - but in the end I only type the sequences without remembering what it meant - that's quite funny - finding the sentence after some months with only having the letters ;-)
At unimportant systems I use something like qwerty 'cause it's quite easy to type fast....

Re:Passwords and memory (2, Interesting)

brinkster (523812) | more than 10 years ago | (#8915213)

I started in a non IT related position 8 months ago. In that time I have managed to find the admin passwords to two domains, admin access to the company database, local admin access to all the PCs at my site, VNC passwords as well as discovered the company RedHat server runs a vulnerable version of SSH.
All this by showing half an interest and sounding like you know what you're talking about. But then, maybe the IT department here is useless.

Re:Passwords and memory (4, Interesting)

Domini (103836) | more than 10 years ago | (#8915124)

I have to agree to this.

I have a 6 alpha char, but not-so-secret (public), password I use for all my low-risk passwords. Then I have another simple 8 alpha-num, but secret, password for all my secure sites (like Slashdot).

For high-security (Banking/root/PGP) I use a 13 character randomly generated password or two.

I would give out my not-so secret one to anyone who dares ask, and my 8 char one for an Aero milk bar... ;)

Re:Passwords and memory (0)

Anonymous Coward | more than 10 years ago | (#8915200)

You probably could have gotten more for your /. password if you had managed to register 3837 accounts earlier than you did. Barely missed 5-digit bliss.

Re:Passwords and memory (1)

spamguy (691996) | more than 10 years ago | (#8915125)

Are you implying you don't care about Slashdot?

Re:Passwords and memory (5, Insightful)

Anonymous Coward | more than 10 years ago | (#8915135)

Remembering passwords is easy. I have lots of them.

The key is to make them memorable, pronounceable non-words. You can do this using passwdgen on linux. Just set it to the number of characters, add the "pronounceable" switch and - optionally - the "non alphanumeric characters" switch and you'll have something that is very secure yet easy for YOU to recall.

Further, what a bunch of whiney fucks. "Boo hoo, I have to use passwords. Boo hoo, I have to use a key to open my car door, house, bank deposit box, home safety, glove compartment, trunk. Boo hoo, I have to turn the knobs on doors and open them before walking into a building or home or car."

Come on people.
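An added example, not part of the comment above and not the code of the tool it names: a pronounceable-password generator that also reports how much entropy such passwords carry. The alphabets, the consonant-vowel syllable scheme and the two-digits-plus-symbol suffix are assumptions made for this sketch.

```python
import math
import secrets

# Constructed alphabets for this sketch (assumptions, not taken from any tool).
CONSONANTS = "bdfghjklmnprstvz"   # 16 choices
VOWELS = "aeiou"                  # 5 choices
DIGITS = "23456789"               # 8 choices, skipping look-alikes 0 and 1
SYMBOLS = "!#%+=?"                # 6 choices

# Entropy contributed by one consonant-vowel syllable and by the fixed suffix,
# assuming the attacker knows the scheme and only the random choices are secret.
SYLLABLE_BITS = math.log2(len(CONSONANTS) * len(VOWELS))
SUFFIX_BITS = 2 * math.log2(len(DIGITS)) + math.log2(len(SYMBOLS))


def generate(syllables: int, suffix: bool = False) -> str:
    """Return `syllables` consonant-vowel pairs, optionally plus 2 digits and a symbol."""
    if syllables < 1:
        raise ValueError("need at least one syllable")
    parts = [secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
             for _ in range(syllables)]
    if suffix:
        parts.append(secrets.choice(DIGITS) + secrets.choice(DIGITS)
                     + secrets.choice(SYMBOLS))
    return "".join(parts)


def entropy_bits(syllables: int, suffix: bool = False) -> float:
    """Bits of entropy for a password produced by generate()."""
    return syllables * SYLLABLE_BITS + (SUFFIX_BITS if suffix else 0.0)


def syllables_for(target_bits: float, suffix: bool = False) -> int:
    """Smallest syllable count whose entropy reaches target_bits."""
    remaining = target_bits - (SUFFIX_BITS if suffix else 0.0)
    return max(1, math.ceil(remaining / SYLLABLE_BITS))


def random_printable_bits(length: int) -> float:
    """Entropy of `length` characters drawn uniformly from 94 printable ASCII."""
    return length * math.log2(94)


if __name__ == "__main__":
    print("8-char pronounceable:", generate(4), f"{entropy_bits(4):.1f} bits")
    print("8-char fully random :", f"{random_printable_bits(8):.1f} bits")
    n = syllables_for(60, suffix=True)
    print("60-bit pronounceable:", generate(n, suffix=True),
          f"{entropy_bits(n, True):.1f} bits")
```

At the same length a pronounceable password carries roughly half the entropy of a uniformly random one, so the length has to grow to compensate.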

Sunrays and passwords (0)

Anonymous Coward | more than 10 years ago | (#8915154)

One of the nice things about sunrays is that you generally don't need passwords. Sure passwords exist, but Sunrays use a swipe card to get you into an account. When you leave your computer, just take your card. Your session is saved and your terminal may now be used by anyone else.

Re:Passwords and memory (5, Informative)

mrwonka (131100) | more than 10 years ago | (#8915163)

try passwordsafe

http://sourceforge.net/projects/passwordsafe/

Re:Passwords and memory (0)

Anonymous Coward | more than 10 years ago | (#8915169)

All of my really important stuff is protected by one password - "cOwBoYnEaL".

Re:Passwords and memory (1)

CabMerlot (772847) | more than 10 years ago | (#8915181)

Evidently the cerebellum training lasts longer than the cerebrum training in your case! actually that's a universal human trait... hope you're okay with being labelled human! :)

not for chocolate (-1, Funny)

millahtime (710421) | more than 10 years ago | (#8915041)

I wouldn't give it up for chocolate but I'd sure think about it for some p0rn or a good lap dance.

Also over 30% will just tell you..... (2, Interesting)

troc (3606) | more than 10 years ago | (#8915042)

And apparently over 30% of those asked would just reveal their passwords without any bribery!

Troc

Re:Also over 30% will just tell you..... (0)

Anonymous Coward | more than 10 years ago | (#8915102)

Amazing! We have a Slashdot reader that read the blurb!

Re:Also over 30% will just tell you..... (1)

PepsiProgrammer (545828) | more than 10 years ago | (#8915118)

Apparently most sysadmins don't put the fear of root in their users. Rule with an iron fist. Maybe I'm just fed up with stupid lusers and their windows machines fucking up my network though. God damned windows viruses and spyware. If you catch someone giving out their password (if it is possibly system compromising), or even writing it down, I suggest you change it for them to keep it secure.

Re:Also over 30% will just tell you..... (5, Interesting)

bobbis.u (703273) | more than 10 years ago | (#8915131)

But what use is a user id and password if you don't know where the computer is that it accesses?

They should have tried doing the survey by knocking on people's front doors and asking them. I bet significantly less people would tell them then, because they would realise there was a much greater chance that the divulged information could actually be used.

I am sure that somewhere in my town, there is a computer with the Windows login "Administrator", with password set to "password". Now in order for that information to be useful I still need to find that computer. (The only likely way is brute force scanning, which, by extension could be applied to the password cracking anyway.)

Clearly, if the attacker was more malicious and started following you, etc. they could get this information. However, most people will assume that no one else actually has a major reason to be interested in their PC or indeed downloading their pr0n collection. This is part of the reason why Joe Public does have such strong feelings about spyware as the average slashdotter.

Re:Also over 30% will just tell you..... (1)

bobbis.u (703273) | more than 10 years ago | (#8915151)

Of course the last sentence should have read "does not have such strong feelings..."

What's so wrong about that?? (2, Funny)

JasonBee (622390) | more than 10 years ago | (#8915043)

My users do that all the time, if I am to believe that all those candies sitting in urns on desks serve a purpose! And to think my wife works at Nestle! JB

so what... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8915044)

so what?

FP (-1, Funny)

Anonymous Coward | more than 10 years ago | (#8915046)

My password's "first post".

OOPS!

You got Root!

praise hfis our lord and our king! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8915047)

XXXXXXXXXXXXX XXX
XXXXXXXXXXXXX XXX
XXX XXX
XXX XXX
XXX XXX
XXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXX
XXX XXX
XXX XXX
XXX XXX
XXX XXXXXXXXXXXX
XXX XXXXXXXXXXXX

EXTOLLO HFIS NOSTRUM REX
HFIS VALIDUS!
HFIS POTENS!
HFIS INFLAMMATIO!
HFIS VESTRUM REX!

Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)

It's good to know... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8915050)

that I'm a wolf living among sheep. How I thirst for the blood of the willing, to give me their lives so easily... momma said people are stupid.

passwords are just (-1, Funny)

harumscarum (675595) | more than 10 years ago | (#8915052)

way overrated.

Wait a minute (4, Insightful)

JohnGrahamCumming (684871) | more than 10 years ago | (#8915055)

They didn't actually test these passwords they just said "I'll give you a bar of chocolate if you give me your password".

So people can just make it up.

Yes Mr "Researcher" if offered chocolate 79% of people can think of a random word.

Big deal,
John.

Re:Wait a minute (1, Funny)

Anonymous Coward | more than 10 years ago | (#8915069)

maybe their choices on the poll were as bad as Slashdot Polls.

Was give it up for CowboyNeal an option?

Re:Wait a minute (5, Insightful)

the_mad_poster (640772) | more than 10 years ago | (#8915098)

Depends what type of password they're asking for. I can imagine my boss giving up some of his real passwords for a bribe because he thinks "big deal... that one's not protecting anything sensitive anyway". Except, that comes down to him not understanding that whole "weakest link in the defenses" problem. Yea, maybe THAT password isn't, but what does that give a malicious user access to that could be abused elsewhere? What apps level attacks are we now vulnerable to? What databases could be stolen? Could the attacker now impersonate you to get more information from other people?

Management and business types, and of course home users, don't think security is a big complex model. They think "oh, we have a firewall... we're safe" and that's the end of it.

Re:Wait a minute (2, Funny)

JohnGrahamCumming (684871) | more than 10 years ago | (#8915122)

> Management and business types, and of course home users,
> don't think security is a big complex model. They think
> "oh, we have a firewall... we're safe" and that's the end of it.

I am a management type [electric-cloud.com], you insensitive clod :-)

John.

Wow... I mean... wow... (2, Interesting)

r6an (710555) | more than 10 years ago | (#8915056)

> and most indicated that they were fed up with having to use passwords
Maybe if your admin required something like a 16 character alphanumeric cyber with alt codes, but wow... I thought I was lazy. Maybe it's time for security card (prox)/eye scanner/voice recognition systems (not just one, combination of them)

Re:Wow... I mean... wow... (5, Interesting)

Lumpy (12016) | more than 10 years ago | (#8915166)

you have it easy!

here they added the restriction that your password can not contain any characters that can be typed at the keyboard... oh and you can't use any of your last 50 passwords.

Ok, so I'm kind-of joking... but their stupidity at corporate to make passwords insanely complex has weakened computer security as most users now have their password (and the last 20 or so) written down under their desk blotter, in the drawer or even on a post-it on the monitor...

Oh and corporate's extreme wisdom has the last four of your SSN in your user ID, and they use that same 4 digits to verify who you are to tech support lines...

so basically they, through extremely stupid decisions have significantly weakened the network and computer security here to the point that it is a gigantic joke.

yay for MIS directors that have no clue!

Hang on a minute... (2, Redundant)

beeglebug (767468) | more than 10 years ago | (#8915057)

Without the ability to check that the passwords given are correct, surely the survey results will be totally inaccurate?

If someone came up to me in the street and asked me for my password in exchange for a gift, I'd just tell them any old word to get the free stuff...

Pork Rinds! (5, Funny)

Anonymous Coward | more than 10 years ago | (#8915059)

One bag of pork rinds, and I'll give complete superuser access to anybody!

Re:Pork Rinds! (1)

_Spirit (23983) | more than 10 years ago | (#8915212)

Well at least you didn't say human rinds.... You'd think all those commercials for it would have made them more popular by now. (yes I know, I should stop watching Futurama for a couple of months now)

This doesn't surprise me at all... (4, Funny)

Punk Walrus (582794) | more than 10 years ago | (#8915060)

I can't count how many times I have been helping out people with computers and they just blurt out their passwords to me. Even if I don't ask.

Punk: Okay, you say you can't get the NVidia card to work in Red Hat. Let's go to the NVidia site and download--
Dude: My root password is money45!
Punk: [dope smack] NEVER DO THAT AGAIN!

Even back in the days I did call support for an ISP, sometimes I'd just ask their login name and they'd just blurt out, "My login is sueray22 and my password is newyork!"

Re:This doesn't surprise me at all... (4, Interesting)

fdiskne1 (219834) | more than 10 years ago | (#8915120)

> Even back in the days I did call support for an ISP, sometimes I'd just ask their login name and they'd just blurt out...

My ISP always asks me what my password is. I've explained to them many times that it gets people into a bad habit and that I have to repeatedly tell my end users to NEVER give out passwords to anyone, even me. After several times, they finally said, "I'll make a note in your account to not ask for your password."

Idiots.

not like passwords? (1)

TedCheshireAcad (311748) | more than 10 years ago | (#8915062)

IT rules with an iron fist:
You will use passwords and you will like it.

But certainly users giving away passwords for chocolate is double-plus-ungood. They would have to offer me some money, but of course none of my passwords protect anything of any real value :(

Solution (1, Funny)

Chuck Chunder (21021) | more than 10 years ago | (#8915129)

Assign people passwords rather than let them choose their own. Make them easy to remember phrases like:

"Fuck off you mother fucking fuck fucker"

Then see if they'll spurt them out to people on the street.

Re:not like passwords? (1)

condensate (739026) | more than 10 years ago | (#8915185)

There was never a trait between these words in newspeak. It is doubleplusungood. Don't you wonder if they vaporize you. But you never existed anyway.
Like doublethink...

Re:not like passwords? (1)

Polkyb (732262) | more than 10 years ago | (#8915203)

I assume that you wouldn't mind somebody reading through what you do have, etc... Maybe even sending e-mails on your behalf...?

I did this once to a senior manager who NEVER logged out or locked his Windows PC when he was away from his desk... I sent a mail to the MD with the subject field 'I QUIT'

Fortunately for him, the MD was also in on the prank and he didn't lose his job, but, it could so easily have been abused by someone else

The manager in question still leaves his PC unlocked when he leaves his desk, though... There's no telling some people

Uh ... yeah I'll tell you my password. (4, Funny)

bryanp (160522) | more than 10 years ago | (#8915068)

It's YERAWANKER. Now where's my chocolate?

Oh, wait. You wanted my REAL password? Well, that'll cost you another chocolate bar. Of course I'll give you my real password this time. Would I lie to you?

Re:Uh ... yeah I'll tell you my password. (0)

Anonymous Coward | more than 10 years ago | (#8915085)

then all of a sudden Benny Hill comes out from around the corner and slaps you on the ass!

Scope of article (1)

etnoy (664495) | more than 10 years ago | (#8915073)

What kind of passwords do they talk about? For example, a password to a home Windows computer would not be a too large security risk, and something worth giving away for chocolate. But when it comes to more important matters, such as addresses to webmail systems and remote-accessible Linux boxes the deal is significantly different. I would never give my root pass away on my server, but my grandma would of course give away hers. She doesn't need to keep it secret at all.

Re:Scope of article (2, Insightful)

dummkopf (538393) | more than 10 years ago | (#8915106)

keep in mind that many people have to remember many passwords. this has the effect that the home password might be mami23, whereas the work password might be mami32...

back when i was a sysadmin i once ran a test: we had asked all users to use DIFFERENT password for the 2 NT machines we had and all the other linux workstations. i started cracking passwords on the linux box and found some after 48h (~5% of user passwords). then i used L0phtcrack (awesome tool!) on the NT machine and had about 45% of the passwords after 24h. guess what: from those 45% about half worked also on the linux boxes...

A big problem... (5, Informative)

Lord_Frederick (642312) | more than 10 years ago | (#8915074)

...at many of the places I've worked at is that the users have as many as a dozen passwords to remember for different systems, and each one expires at a different time and has different rules for how long and complex it has to be.

Most of them keep their passwords written down on a sheet of paper right on their desk.

Re:A big problem... (5, Insightful)

Evil Schmoo (700378) | more than 10 years ago | (#8915199)

Absolutely. We're a government facility, including a few areas that are nominally very secure, and as such, we have an extremely good IT department, all of whom work tirelessly to prevent nasty people and things from seeing our noodlings.

The problem is, the vast majority of people who work here are either academic researchers, who are used to open collaborative discussion and find passwords inherently distasteful, or administrative workers, who, while they may be very dedicated civil servants, find the different password systems for email, LAN logon, timesheets, billing, contracts, grants, etc., to be tedious at best and bewildering at worst. Since they are not allowed to have the same universal password, for obvious security reasons, nor is that password allowed to be a recognizable English phrase, they have a great deal of difficulty memorizing each one.

Add in the fact that each password must be changed every six months at a minimum (monthly for some systems) and that passwords cannot be repeated for five cycles, and that's as many as fifty or so passwords over the course of a year for some administrative officers. That's a lot to ask, even for someone with a technically-oriented mindset.

Recognizing that writing them in a booklet next to the desk- or lap-top is a problem, many offices have taken to writing them down inside a lockbox.

Biometrics may help, but if our physical plant is any evidence, we'll be ten or so years behind the curve getting such systems installed.

Fatso stupido (0, Flamebait)

jabbadabbadoo (599681) | more than 10 years ago | (#8915079)

The people surveyed don't have important information on their computers. The few who have are either plain stupid or extremely obese.

does this surprise anyone? it's not a fingerprint! (4, Insightful)

dummkopf (538393) | more than 10 years ago | (#8915081)

for most internet users there is no real value attached to their computer accounts. it is not the same as the pin for your ATM card where, if shared, it would mean an empty account. hence it is understandable that they are willing to share this information.

this, i think, is a big problem and the only way to solve it is to re-educate people for them to understand that such a password is important and should not be shared. clearly an alternate solution would be to install fingerprint scanners on all computers (a viable option in the future), but that would not help overcome the erroneous attitude towards computer security. in fact, such scanners would work well as again people are used to the fact that their fingerprint makes them unique and should not be "shared".

finally, this will be an important concern in the future: already we are able to shop online and the future where all transactions go via the internet is near. one account (a la .NET) will be enough to deal with fueling up a car or buying a bunch of roses. probably then the attitude will change, when some smart scammers burn some people's fingers...

I would give out login details for sweets (1, Redundant)

aaronmcdaid (771190) | more than 10 years ago | (#8915087)

I would give out login details for sweets

But they wouldn't be real.

Who says the researchers were given real details by everyone?

Any takers? (1)

drizst 'n drat (725458) | more than 10 years ago | (#8915088)

Anyone interested in giving up their passwords for a $100,000 bar?

Re:Any takers? (2, Funny)

vivian (156520) | more than 10 years ago | (#8915152)

Me! Me! My root password is "changeme".
Please mail the cheque to

1A Merz St
Liverpool

Re:Any takers? (1)

VendettaMF (629699) | more than 10 years ago | (#8915206)

Can't give you the root, but the db SYSTEM and SYS accounts are "manager" and "changeoninstall"...

Sad but true... (4, Insightful)

mitchell_pgh (536538) | more than 10 years ago | (#8915089)

Most likely, the people willing to give up their passwords have very little to protect. For many, it wouldn't be life altering if their email was read, their MP3 collection viewed and downloaded and their favorite version of solitaire copied as well. I would argue that the people with valuable data wouldn't give out such information (like many of us in this forum). Also, many people have the luxury that even if the system was maliciously accessed with their user/pass that there would be zero repercussions. They would shrug their shoulders and remember the delicious piece of chocolate they had the day before.

Break their fingers (4, Insightful)

Simon Lyngshede (623138) | more than 10 years ago | (#8915094)

Most system administrators would wish that they had a company policy which allowed them to break the fingers of users who share their passwords.

But if users don't like using passwords, why force them. I think they would discover very quickly why it's needed. Nothing like a "You suck" email sent from a user's account to the boss, to make them realise that maybe it's not such a bad idea.

A better solution would of course be widespread use of Kerberos, then at least they only need to enter their password once.

Re:Break their fingers (1)

MammaMia (764083) | more than 10 years ago | (#8915196)

I'm no IT expert but I do pride myself on knowing a lot more than your average joe user... When we started using Kerberos at work I was assigned a 16-character password of random letters (cap & small), numbers and symbols.... Jeez I thought what a PITA to remember. Then of course by the time I used it 3 times I had memorized it.

I think there's a natural fear reaction to long and complex passwords, esp for those who are used to using passwords like 'puppies' for email and their birth year for the ATM. Is the average person's memory really that bad?? Hmm.

Cripes, did I even stay on topic? okay, note to self: don't babble before coffee. ;)

Re:Break their fingers (2, Informative)

Maestro4k (707634) | more than 10 years ago | (#8915197)

> But if users don't like using passwords, why force them.

Because of all the extra vulnerabilities it exposes. If a malicious attacker gains access to their account the number of ways they can try to get root privileges grows. There are quite a few root exploits you have to have an account on the system to use. Besides, the passwords are for their protection too, from things such as the E-mail to the user's boss you mention to losing personal information. (I've seen users who stored their credit card account numbers in a plain text file for "convenience".) Basically sysadmins aren't just trying to protect the systems, but the users as well -- even if that means protecting them from their own idiocy.

Ah, yet another nugget (4, Funny)

DarrylKegger (766904) | more than 10 years ago | (#8915095)

in the growing body of evidence to support my thesis that most people
really don't give a crap about anything past their next meal.

Username (1)

glpierce (731733) | more than 10 years ago | (#8915097)

Without a username, passwords don't mean much. If they asked for your email address and password, it would be different.

Re:Username (2, Interesting)

W2k (540424) | more than 10 years ago | (#8915190)

That's assuming you don't use Sneakemail [sneakemail.com] and have thousands of disposable addresses to hand out. Or, assuming you meant the password to the e-mail account itself, you would need the addresses to the mail servers (POP3 or whatever); and of course, the sender's private key (who doesn't sign their mail nowadays?).

Use Password Functions (1)

Boss, Pointy Haired (537010) | more than 10 years ago | (#8915101)

I don't understand why people have a problem with passwords. Are geeks' brains really wired so differently to "non-geeks"?

I have a different password for everything; but it is derived from a core password modified in some way that is relevant to the whatever it is the password for; usually the name, such as "Slashdot" or "Fark".

My algo also means that you cannot tell which component of the password is core and which is derived.
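The comment above does not give its algorithm. As an added example (not the commenter's method), here is one way to derive a different password per site from a single core secret so that a leaked site password does not expose the core, next to a hypothetical concatenation scheme that does. PBKDF2-HMAC-SHA256, the iteration count, the output alphabet and the sample core secret are all assumptions of this sketch.

```python
import hashlib
import hmac
from difflib import SequenceMatcher

ITERATIONS = 200_000  # assumed work factor for this sketch
# Output alphabet without look-alike characters (constructed for this example).
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+=?"


def naive_password(core: str, site: str) -> str:
    """Hypothetical weak scheme: the core secret with a site tag glued on."""
    return core + site.strip().lower()[:4]


def site_password(core: str, site: str, length: int = 16, counter: int = 1) -> str:
    """Derive a per-site password; bump `counter` to rotate one site only."""
    salt = f"{site.strip().lower()}:{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", core.encode(), salt, ITERATIONS)
    # Reject bytes above the largest multiple of the alphabet size so every
    # character is equally likely (no modulo bias).
    limit = 256 - (256 % len(ALPHABET))
    out, block = [], 0
    while len(out) < length:
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        for b in stream:
            if b < limit and len(out) < length:
                out.append(ALPHABET[b % len(ALPHABET)])
        block += 1
    return "".join(out)


def longest_shared_run(a: str, b: str) -> int:
    """Length of the longest substring two passwords have in common."""
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    return matcher.find_longest_match(0, len(a), 0, len(b)).size


if __name__ == "__main__":
    core = "correct-horse-42"  # constructed sample secret
    for scheme in (naive_password, site_password):
        a, b = scheme(core, "Slashdot"), scheme(core, "Fark")
        print(f"{scheme.__name__:15} {a:22} {b:22} shared run: "
              f"{longest_shared_run(a, b)}")
```

Two leaked passwords from the concatenation scheme share the whole core as a common substring; the derived ones share nothing useful, and recovering the core from one of them means brute-forcing it through the key-derivation function.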

sshhhhhh (1)

mikehuntstinks (769637) | more than 10 years ago | (#8915104)

damn you slashdot, this has been my #1 sploit for like 6 years. now i gotta go find out where to get and how to use all these "pre-written scripts" that you all keep talking about. unless............i've got it! ice cream!

Getting desperate are we? (0, Troll)

twbecker (315312) | more than 10 years ago | (#8915107)

Not a troll, but this is really one of the stupidest ./ articles I've seen in a while. I mean, is it really news to anyone that Joe lUser doesn't understand the need to keep his computing environment secure?

So, that's why admins are fat! (4, Funny)

Lispy (136512) | more than 10 years ago | (#8915113)

And I thought it was because we don't go outside. ;-)

i'd give up my boss's password.... (1)

dummkopf (538393) | more than 10 years ago | (#8915119)

.... for a big bar of chocolate. oh wait! his password is so easy, people might guess it without me telling them...

A replacement for passwords (1)

Albanach (527650) | more than 10 years ago | (#8915121)

Isn't this why we need a replacement for passwords? I'm sure we've discussed before using a series of images that users can click on in sequence - that's easier for users to remember and also much more difficult to write down or even tell someone.

If I write on a sticky note evEry0ne that's quite easy for a malicious passer-by to remember or for me to give someone when bribed. If however I have to click on a series of eight icons - say smiley face, then a fish then a dog etc etc that's easier to remember than a complex password with upper/lower case and numerals, and quite difficult to write down or explain over the phone.

People are Ignorant (1)

Ryan Huddleston (759930) | more than 10 years ago | (#8915127)

This simply shows how non-technical people really don't think about security or responsibility for what goes on under their accounts. It needs to be impressed on these people that their password is NOT TO BE GIVEN AWAY FOR CANDY.

Do these people not realize that Mr. Researcher could then use their accounts and put scat pr0n all over their home directories and/or send vicious emails to their bosses and/or colleagues?

But hey, I guess this is good news for crackers, eh? No need to write complex toolkits... only a Hershey's bar is really necessary :-/

Jeez, some people's children...

But in the geek world the real thriller is.. (2, Insightful)

superhoe (736800) | more than 10 years ago | (#8915130)

.. how many people would give away their chocolate for a password?!

Secret tools of the hacker toolbox... (4, Funny)

adamofgreyskull (640712) | more than 10 years ago | (#8915139)

PC.......$600
DSL......$20/month
nmap.....free.

Being pipped to the post by a reporter with a snickers bar.....Priceless.

There are some things even money can't buy, for everything else there's Masterfoods, Plc. [masterfoods.com]

Nipple scanners (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8915140)

nipple scanners are the way to go.

Everyone has nipples and they are pretty unique to each person. These things could be at every ATM so you wouldn't have to carry a card with you. You'd just stand at the ATM, make like Janet Jackson, press your nip against the NSR (nipple scanning receptor) and whamo! you are authenticated.

You could use your left nipple for debit and your right nip for credit. You could have Amex on one nip and Visa on the other. You could get a third nipple grafted on somewhere and use that for your video store dvd hire. The possibilities are endless.

Here cowboy neal.... (1)

ericdano (113424) | more than 10 years ago | (#8915142)

Here cowboy neal...........chocolate.......yummy. You know you want to give up all the passwords to the slashdot.org sites.

My password IS c40Co7At3! (0)

Anonymous Coward | more than 10 years ago | (#8915143)

You insensitive clod!

These people are too easy... (2, Funny)

cableshaft (708700) | more than 10 years ago | (#8915147)

I'd only give up my password for dark chocolate.

The world would be a much better place... (1)

-kertrats- (718219) | more than 10 years ago | (#8915149)

If everyone had an Ident-i-Eeze.

this study.... (4, Funny)

WebMasterJoe (253077) | more than 10 years ago | (#8915155)

This study brought to you by Klondike. What would you do for a Klondike bar?

67 passwords (3, Funny)

NetDanzr (619387) | more than 10 years ago | (#8915156)

My boss has 67 different accounts with various financial Web sites. He's really diligent, and always creates a different user name and password. Then he puts them all, along with the proper Web site address, into an Excel spreadsheet, prints them out and leaves them next to the computer.

Kinda useless, if you ask me. I prefer to have 3-5 different passwords and use post-its attached to my monitor.

This is why I've always advocated non-expy passes (1)

Maestro4k (707634) | more than 10 years ago | (#8915157)

I know that a lot of places make a big deal out of expiring passwords and forcing the user to change it once every 30 days (or more or less depending on the place). Most places that do this also use a system that remembers the last few passwords (one I worked at remembered the last 6) so you had to ostensibly pick something entirely new. You've probably already guessed what happened instead: users would pick a word then just add numbers to it. No security there!

When I've been in admin positions and responsible for password policy I prefer forcing the user to create a strong password in the first place (by using a modified passwd to check for easily guessed ones, and enforcing things such as not all lower or upper case, etc.), but then I don't expire them! I've found most users are fairly happy with the process since they don't have to constantly try to remember a new, random, password and after a while they don't even write it down anymore, greatly increasing security.

Face it, most people just want things to be easy, and having to type in a password's a pain to them. They have no concept of how insecure it is to give out their password, or leave it written on a sticky note on their monitor. As admins we have to find a way to make the process palatable for them and relatively secure.

Personally though I've never had a problem remembering passwords, I still remember passwords I'll never need again, and we're talking some of the 30+ character pseudo-random string ones. I have no clue why I can remember passwords so easily, but it definitely comes in handy. I tend to have a different root password on every server I deal with and all of them would take an eternity to try to guess through brute-force.
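An added example (not the poster's modified passwd, and not part of the comment above): a change-time check that catches the "same word, next number" pattern even though the history holds only salted hashes, alongside the length and letter-case rules. The function names, the PBKDF2 parameters, the thresholds and the sample passwords are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 20_000  # assumed work factor; tune for the real system


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_history(old_passwords):
    """Keep (salt, hash) pairs only, as a password history normally does."""
    history = []
    for pw in old_passwords:
        salt = os.urandom(16)
        history.append((salt, hash_password(pw, salt)))
    return history


def counter_variants(candidate: str, spread: int = 3):
    """The candidate plus the forms it takes with a nearby trailing number."""
    stem, digits = re.fullmatch(r"(.*?)(\d*)", candidate, re.S).groups()
    n = int(digits) if digits else 0
    variants = {candidate, stem}
    for k in range(max(0, n - spread), n + spread + 1):
        variants.add(stem + str(k))
        variants.add(stem + str(k).zfill(len(digits)))
    return {v for v in variants if v}


def check_new_password(candidate: str, history, min_len: int = 10):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < min_len:
        problems.append("too short")
    if candidate.islower() or candidate.isupper():
        problems.append("single letter case")
    for variant in counter_variants(candidate):
        for salt, stored in history:
            if hmac.compare_digest(hash_password(variant, salt), stored):
                problems.append("numbered variant of an earlier password")
                return problems
    return problems
```

The variants are hashed against each stored salt at change time, so nothing beyond the usual salted hashes has to be kept.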

Research curtailed too early... (1)

shic (309152) | more than 10 years ago | (#8915159)

Is there a correlation between percentage cocoa solids and the coercive power of chocolate?

But! But! Everybody LOVES chocolate! (1)

numbski (515011) | more than 10 years ago | (#8915161)

Everybody loves chocolate! [wapers.com]

Go ahead, tell me I'm wrong. :P

Google Bakaretsu Hunters if you're lost. ;)

Single signon, single login (1)

Moderation abuser (184013) | more than 10 years ago | (#8915168)


Kerberos. Works with Windows and Unix.

See the "Liberty Alliance Project" for internet web sites.

There are, of course, other ways of doing it. LDAP, ssh etc.

Big questions: Who is ignorant? Who is arrogant? (1)

foobsr (693224) | more than 10 years ago | (#8915170)

"We are amazed at the level of ignorance from consumers on the need to protect their online identity," said Tim Pickard, spokesman for RSA Security.

Is that arrogance?

Just the reduction (and the 'idea of man' / {Menschenbild} hiding from behind) of 'identity' to the concept of an "online identity" makes my stomach hurt (will not bother my brain with anger).

CC.

Some password advice ... (4, Funny)

bryanp (160522) | more than 10 years ago | (#8915171)

Occasionally you may HAVE to tell someone your password. Keep that in mind selecting one. Consider this exchange I had with one of my users a while back:

Bryan: "What's your password on this system?"

Tammy: "Uh ..." *blush* "Do I have to?"

Bryan: "No, you can always call the help desk like you're supposed to, but I can't reset your password on this system."

Tammy: "Um ... it's ... TPBP6969. It's my initials followed by my husband's initials. Please don't tell anyone!"

Bryan: "Considering your husband and I have the same initials I think I'll keep that one to myself. But in the future you might want to select a less ... personal password."

I'd give up my password (0)

Anonymous Coward | more than 10 years ago | (#8915174)

for a girl who would give up her password for a bar of chocolate

Listen Here You Geeks (1, Funny)

Anonymous Coward | more than 10 years ago | (#8915175)

Why do you find this surprising? I know most of you don't know what a woman is, but do you know how badly they crave chocolate? If you learn this simple fact, the world will become your oyster, so to speak. Now get ye gone and lose that virginity!

Let me guess (0)

Anonymous Coward | more than 10 years ago | (#8915176)

The other 30% were too dumb to think up a random word in exchange for the chocolate.

I weep for the future. (0, Funny)

buysse (5473) | more than 10 years ago | (#8915180)

Now, I just need to figure out how to do strong biometric identification over ssh or SSL-imap... preferably authenticating against some part they won't let people play with for mere chocolate...

what would you do for a klondike bar? (0)

Anonymous Coward | more than 10 years ago | (#8915188)

would you... would you kill a man?
-family guy.

Goon password extraction (1)

FraggedSquid (737869) | more than 10 years ago | (#8915194)

Count Moriarty: Will you give me your password for this chocolate bar?
Grytpype-Thynne: What, how dare you, sir. I'll have you know that I'm a patriotic English gentleman!
Count Moriarty: Which means?
Grytpype-Thynne: I'll only do it for money

I would (1)

goatan (673464) | more than 10 years ago | (#8915198)

Take the chocolate and then lie about my password. Did they test the passwords to see that they worked? After all, it only takes a second to make up a word in return for sweet, sweet candy.

Price has gone up, it used to be a cheap pen. (2, Interesting)

anti-NAT (709310) | more than 10 years ago | (#8915202)

"Workers are prepared to give away their passwords for a cheap pen, according to a somewhat unscientific - but still illuminating - survey published today."

Office workers give away passwords for a cheap pen [theregister.co.uk]

What's wrong with chocolate bars? (1)

Pedrito (94783) | more than 10 years ago | (#8915210)

I don't get it? What do you guys have against chocolate? I thought it was an exceptional deal. Still trying to figure out where all the money in my bank account went, incidentally. Anyone have any ideas?

Anybody know the favourite chocky bar of....... (2, Funny)

MrIrwin (761231) | more than 10 years ago | (#8915214)

a) A lead software architect at MS, b) The comptroller at Amex, c) George W.Bush, d) The webmaster of iTunes.com e) CmdrTaco

Any help will be gratefully received and results will be shared with all. Oh boy will they be shared........
