Women are also used to giving out phoney phone numbers to pushy men; no wonder they could come up with a non-verified password quickly. Seems what this survey showed was that men are too dim and slow to pull a phoney out of their grey matter.

Ahh, those halcyon days:

http://www.theregister.co.uk/2005/08/26/women_men_safe_surfing/

http://www.theregister.co.uk/2005/09/21/family_net_aol/

http://www.theregister.co.uk/2005/06/30/male_spyware_risk/

It was a short three years ago that men were more of a security vulnerability than women when it came to malware. Now we learn that it only takes a chocolate bar to compromise a network!

Amazing. Absolutely amazing. Thanks for the tip -- now I know how to hack my wife's AOL account... :-)

You can see it now: "Yes, I'll give you my password for chocolate. My password is giev_free_chocklat_now"

I've done it before and I'll do it again. I won't promise that it'll actually ever be a password that I currently use, have used or ever will use.

Surely this is just city workers showing how to con a researcher out of a choccy bar...

The funny thing about surveys: you tend to get the response you want.

Ask people if they'd give away their password for a sweetie and people will think "oooh, passwords ...... security ...... mustn't divulge ....."

Do a bit of social engineering, for instance phone them up and claim to be from the support desk. Say you need their password to install the upgrades that will make their PCs twice as fast and they'll probably even let you tickle their tummies(!), too.

Just for the record, my password is "chocolate". Can I have my Mars bar now? And I don't believe you're from the help desk.

and who cares about security - you use to be able to get a lot more :)

I always need some incentive to change mine.

Yet again this survey isn't measuring the value of passwords, it is measuring the rate that people choose to hand over some random word when offered a piece of chocolate in exchange.

True female result breakdown:

50% - didn't like the look of the chocolate

5% - fancied the chocolate but didn't want to lie to get it

44% - made up a bogus password in exchange for choccy goodness

1% - were daft enough to give a real password away- but still didn't say who they were or which of their accounts it was tied to in the hope it wouldn't matter.

Same for men, except many more didn't fancy the chocolate.

Paris, Greek Godess of oral pleasure.

"Women love chocolate more than password security"

I know several women, some of them quite well, and my impression is that they love chocolate more than almost _anything_

"Little attempt is made to verify the authenticity of the passwords, beyond follow-up questions asking what category it falls under. So we don't know whether women responding to the survey filled in any old rubbish in return for a choccy treat or handed out their real passwords."

I know which I'd put my money on, because (although I do not have the privilege of being a woman myself) I know exactly what I would do. I would think "Hmm, here is a man who will give me free stuff, (chocolate even!), if I am prepared to utter some utterly unverifiable random word or phrase. Score!"

And I would go about my day, happy that the man had gone home pleased with his survey results (which were wrong, bwahahahah) and enjoying my new found chocolatey wealth.

So yes, I think what this survey probably measures is the number of people prepared to engage in some mild deception of a complete stranger in order to get some chocolate.

Further, I rather suspect that the people who didn't do so probably had some understandable issues about taking sweeties from clipboard wielding strangers. The figures probably reflect a rise in those holding such concerns, what with "the current climate" of worrying about [what ever it is this week].

What crap, Reg you should be ashamed printing this stoopid crap. This is the kind of research I'd expect from the Bush Administration not the Register. These researchers are probably used to getting fake answers from women anyway.

the guy I met suggesting you could hack any account by sending him your username and password has something -- this is pointless.

As pointed out by many others, this survey shows that women are four times as clever. Can we have a Richard Madley or Peter Andre icon to complement the Paris Hilton icon?

"Little attempt is made to verify the authenticity of the passwords"

Enough said...

I'd have given them something that looked like a password for a freebie too.

Hell I've had fake business cards, with fake phone numbers in the past to get freebies at shows and to fob off pushy salesmen!

Must get some more printed...

Surely the real point of this research was a test for bio-terrorists...

Pose as researchers, offering free chocolate in exchange for xyz information; give out said chocolate.

Sounds like an easy and viable way to infect/poison a good proportion of people in a city! And who'd think that such an innocent looking person could be handing out poisoned chocolate? Maybe they didn't know it was poisoned and actually believed in the research!!

Now where's that tin foil? Time for a new trilby I think.

Obviously AC

Doesn't this article get published about once a year?

This survey is useless.

"Little attempt is made to verify the authenticity of the passwords, beyond follow-up questions asking what category it falls under. So we don't know whether women responding to the survey filled in any old rubbish in return for a choccy treat or handed out their real passwords."

What were the passwords for? Email? Corporate Account? Yahoo games?

Did the user change the password as soon as they got to their PC?

Are men more likely to tell the truth and decline giving out passwords because they enjoy the feeling of empowerment and protection, whereas women are more craving objects/possessions and thus told a lie to get free chocolate? Can we thus say that men are more likely to tell the truth and women are more likely to lie?

My own assertions above are just as stupid as those made from the survey.

... studying, a girlfriend of a friend of an acquaintance, she set her password to chocolate, and didn't change it for the rest of her studies (4 years later).

Always good for getting access to the network and downloading things ...

Seems to coincide with Hazel Rees's observation in the most recent Comments:

http://www.theregister.co.uk/2008/04/15/comments/

Beat me to it ... to select a random gloat: "this survey shows that women are four times as clever" ... or four times as stupid. Candy from a stranger? Very clever. This behavior is why date rape drugs work ... "Buy you a drink?"

But I thought the password to get into most women was "I love you" anyway (if chocolate doesn't work).

Oh, I see, you mean some of them actually use computers??

Again?

http://www.channelregister.co.uk/2007/04/17/chocolate_password_survey/

"So either people are getting more security-aware or more weight-conscious."

Good one, methinks!

I might just fork over the passwords to my home computer for hand full of yummy food-stuffs. I'll even tell you where I live. I might also use the "Terminal Client" app on my Sidekick to ssh into said computer and change all the aforementioned passwords. Run fast dude, my connection is slow, but not that slow. Oh and the dog isn't to fond of strangers so I hope you don't like those pants *wink*.

Has anyone thought of running the same survey to see if men are more willing to divulge their password for beer?

That description about sums it up for me. Whatever happened to the scientific method?

Oh, and "ostensibly so they could be entered into a draw to go to Paris" -- and slightly more women than men responded to that one? Really?

[icon is part of the joke, for the slow]

I have upon occasion given out fake phone numbers and fake email addresses to get some skeezy guy to leave me alone. For free chocolate (If it was a kind I liked) I might give a fake password.

I might also take the free chocolate knowing that the wrapper is going to have their fingerprints on it, should that be needed at a later date. While I might save the wrapper I would eat the chocolate.

Hang on. These folks ran a bogus competition. There are specific laws against that. The headline should be "Security professionals scofflaws in annual PR stunt".

Name: billg

Password: Mi¢ro$oft

I prefer Snickers Bars, large size.

I remember reading about one scam where pickpockets would use a sexy woman to deliberately collide into smartly-dressed businessmen in order to distract them and steal their wallets.

How about getting some attractive young women in short skirts to ask the questions, and see whether men or women are more likely to give out their passwords?

<ring> "Hi, this is tech support, we need to do a remote upgrade on your pc, can you give me your username and password please?"

I'm in field support and I've had people give me their passwords without me even asking. Mind you, sometimes I've also asked for their user ID and they've given me their password instead. *sigh* No, your USER ID. Which sometimes they don't remember because they only have to type their password every day.

The world is a stupider place than anyone thinks.

Wasn't this done back in April 2004 as well? http://www.iwar.org.uk/news-archive/2004/04-20.htm

What? Are the Uni Boffins running out of ways to make a quick buck from the public trough?

....would have worked much better on men!

(mine's the birthday suit)

that 'bogus research' is probably worth a pretty penny to various web-based criminal groups.

I hope they didn't loose the CDs, and shredded, then burnt the records!

BTW I got a huge attack of deja-vu reading this article, more glitches in The Matrix?

"50% - didn't like the look of the chocolate"

how meny women do you know?????

That one depends purely on the quantity of beer. Using enough beer you'll not only get the login credentials, but the bloke who gave them won't remember doing so the next day and, therefore, won't change 'em.

This also works equally as well with cider, scotch, vodka, gin, tequila, methelated spirits and Windowlene.

If you offered a glimpse of female flesh, I bet the figures would be reversed :-)

I can't count how often I managed to tailgate into buildings. And then people get upset when they try to follow me in and I ask them for their badge..

However, I had someone apologise after saying "Are you serious?" first when he realised exactly what could have happened if I had NOT asked - he now does it himself. If you remain polite and courteous you CAN educate people..

A similar survey was conducted this morning by a group of people presenting themselves in the following way: 1, the audience, dressed as a jury in front of; 2, the film crew, holding large weapons that they pulled from; 3, a TV relay vehicle that was made to look like a mobile cage and; 4, the interviewer, who wore a shiny sergeant's uniform and grimaced agressively as he asked, "Have YOU EVER broken ANY laws?" to anyone that came within 20 feet of him.

As a result of this survey we are now confident to report that ALL crime has stopped.

You seriously must be in isolation to even have 50% of the women decline to chocolate. And yes i do agree that with men a bit of flesh is all it takes to reverse the figures.

IMHO, Social engineering will soon take over convoluted code hacking and malicious code crafting and injection!!! So i guess this means good business for chocolate factories!!!

Mine's the one printed Cardbury's on the back!

Now if you'll just put your index finger on this little pad to confirm your participation I'll give you the choccy bar.

Aren't you missing a few there – such as 50% of females wondering whether free chocolate will mess up their diets ;)

Of course perhaps the people who turned it down - doubted that the free chocolate will be any good (the paranoid would be thinking what mind control drugs have they laced it with to prove the answers ;) )

But the really bright ones – will have thought market research type person with clipboard - avoid

"Infosec has conducted similar surveys every year for at least the last five years"

Oh, right.

So, what are you whingers complaining about? The article made it pretty clear it was a repeat study.

Learn to read!

They don't say what chocolate was offered. In the interests of science, the experiment needs to be repeated to see if the results change depending on the quality of chocolate offered.

For the record, if I liked the the look of the chocolate, I'd give out a fake user name and passworrd.

The heart because mmm.... chocolate.

bu7!lik£chocl4t3t00much!

.. just how many women are prepared to eat something which has been handed out to them by a total stranger in the street.

(researcher + chocolate) and (woman + lie)

==

(woman + chocolate) and (researcher + dodgy data)

...if most of them, male and female, really *did* fork over their passwords. Years of diligent research has led me to the conclusion that eight out of ten people are fucking stupid.

that's 12 percent isn't it?

Well done mate, I was gonna ask the same thing with perhaps an RC car or similar on offer.

Plus, I could be wrong, but isnt it more a question of these "researchers" were asking these people to create a username and password specifically for the purpose of entering the competition, rather than asking them outright what their passwords were?

I got a similar "enter here for free chocolate" email a few years back. Needless to say I didnt bother. I just got off my fat @rse and bought some from the shop for 30p.

Paris cos she'd do almost anything for and with chocolate if you point a camera at her.

"90% of men too stupid to make up a random word in exchange for free stuff from an idiotic researcher"

Hmmm, have to be very trusting to take candy from a stranger/possible terrorist. Need someone in mind to test it on.

Sooo...

Women are four times likely to try and dispose of their bosses with tainted chocolate.

Paris is now a greek goddess?

Gives a whole new meaning to the "judgement of Paris" Not saying that it's not an improvement, though.

(mmm, lesbians)

Oh, wait - Paris (the heiress not the mythological hero) doesn't have any judgement.

I stand corrected.

It is not uncommon to see bad statistical data, but only the BSA could report stuff that is so statistically flawed. Remember the BSA saying:

"A 10 per cent reduction in the UK's software piracy rate would result in 34,000 new jobs, £11bn of economic growth and a £2.8bn increase in tax revenues"

This data about passwords is no more credible than what the BSA wrote.

A school child can see how flawed it is.