Chocolate No Longer As Effective In Separating Men From Their Passwords?

from the fun-with-statistics,-headlines-and-chocolate dept

Wed, Apr 16th 2008 2:52pm — Mike Masnick

There are a bunch of headlines today about the fact that people will give up their passwords in exchange for some chocolate, but most of the reports seem to be missing the point. Similar studies have been conducted for years. Four years ago, we saw an almost identical study. Other studies have shown that people will give up their passwords for a ballpoint pen or chance to win theater tickets. None of this really proves very much. The "chocolate" hook is really just for generating headlines. After all, a similar study showed that people would give up private data if you just ask nicely. Chocolate may have nothing to do with it.

In reality, though, the interesting part of this chocolate story is the fact that the number of people who give up their password for chocolate is way down this year compared to the same study last year. Last year 64% gave up their password, whereas this year only 21% did. That's a huge difference, and should make you question the methodology. It certainly sounds like the results could depend very much on how persuasive the questioner is. Hire someone who's a good social engineer, and the numbers go up. For the same reason, I wouldn't give very much credence to the other headline coming out of this study that women are more likely than men to hand over their passwords. Again, without testing it under identical circumstances, it's tough to determine that for sure. A good social engineer will be able to get passwords out of plenty of people, whether using chocolate, a ballpoint pen or just plain sweet talk.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: chocolate, passwords, security, social engineering

25 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Haywood, 16 Apr 2008 @ 3:16pm

I'll bet sex still works
at least on men
[ link to this | view in chronology ]
- blacjack, 16 Apr 2008 @ 3:21pm
  
  Re: I'll bet sex still works
  Nope, we're talking computer folk's not construction works....
  [ link to this | view in chronology ]
  - CVPunk, 16 Apr 2008 @ 3:30pm
    
    Re: Re: I'll bet sex still works
    Computer folk's?? You mean geeks? so...free porn and a new HDD would probably work?
    [ link to this | view in chronology ]
    - Anonymous Coward, 16 Apr 2008 @ 6:21pm
      
      Re: Re: Re: I'll bet sex still works
      How about a tank of premium gas, or a few bottles of Balvenie?
      [ link to this | view in chronology ]
    - Anonymous Coward, 17 Apr 2008 @ 12:07am
      
      Re: Re: Re: I'll bet sex still works
      LOL HDD...SSD maybe. SSD with porn, ill give you any password you want!
      [ link to this | view in chronology ]
  - Haywood, 16 Apr 2008 @ 3:30pm
    
    you're right
    With them they only have to have to bat their eyes and let it seem a possibility.
    [ link to this | view in chronology ]
Anonymous Coward, 16 Apr 2008 @ 3:19pm

I'd be more likeley to give up my password for a women then a women would give up her password for me.
[ link to this | view in chronology ]
- wolfy, 17 Apr 2008 @ 3:42am
  
  Re:
  Woman - singular Women - plural
  [ link to this | view in chronology ]
Napacab, 16 Apr 2008 @ 3:45pm

ok
my password is &$#^)):-)
[ link to this | view in chronology ]
Dave, 16 Apr 2008 @ 3:46pm

Are you cute?
I'll show you my password if you show me yours..
[ link to this | view in chronology ]
Jack Sombra, 16 Apr 2008 @ 4:19pm

"Last year 64% gave up their password, whereas this year only 21% did. That's a huge difference, and should make you question the methodology."
While i do not deny there are huge questions about the methodology i would be susprised if there was not some kind of large drop. People are slowly but surely becomeing more IT security aware, be it passwords, identity theft or big companys/government losing your data, bearly a day pass's by where their is not something related to these in the news/press.

People are stupid, but if you repeat something enough times they do eventually learn something and stop falling for the most obvious scams

But that said a good social engineer will always have a good success rate because they are not so obvious as "hey i will give you some chocolate if you give me your password"
[ link to this | view in chronology ]
Crazy Turk, 16 Apr 2008 @ 4:23pm

Social Engineering... Just being good at fibbing
It's amazing how much people are willing to believe and how many people are blindly trusting even to strangers. If your really good at it, you can even get people to believe something that they didn't even believe in the first place or better yet stood against for many many years. It's not just a co-incidence though that the best fibbers also make the best social engineers...

Hack the Planet... or at least it's people
[ link to this | view in chronology ]
p@55w0rd, 16 Apr 2008 @ 4:24pm

And how many of those "givenup" passwords were legitimate ?
[ link to this | view in chronology ]
Chad, 16 Apr 2008 @ 4:42pm

Maybe everyone is just a little smarter with all the credit card fraud, identity theft and similar things that are in the news now. Certain grocery store chains (cough, Hannaford, cough) loosing millions of credit cards #'s and info. to a hacker. Great site by the way, love reading it.
[ link to this | view in chronology ]
Tom The Toe, 16 Apr 2008 @ 5:24pm

Ha
I'll give 'em my password. Without the user ID or login name it's still just a word
[ link to this | view in chronology ]
Pete, 16 Apr 2008 @ 6:49pm

lawl
[ link to this | view in chronology ]
Peter, 16 Apr 2008 @ 11:32pm

I would give up my password for a new macbook air :-)
[ link to this | view in chronology ]
Rekrul, 17 Apr 2008 @ 1:40am

First, I'd ask why they wanted the password, then I'd give them a fake one and take the chocolate. Only if it was good chocolate though, if it was Hershey, they can keep it.
[ link to this | view in chronology ]
Ferin, 17 Apr 2008 @ 4:51am

I've always been curious
Do they ever check to see if they got a the correct password? Is this just an honor system thing? I mean, I'll give you a password for a chocalate bar, but it sure as hell won't be my real password.
[ link to this | view in chronology ]
Anonymous Coward, 17 Apr 2008 @ 6:38am

My password
Yes... my password is... tater salad
[ link to this | view in chronology ]
ummm, no, 17 Apr 2008 @ 7:02am

totally rigorous research
All this tells me is that 21% of people are smart enough to give a researcher a fake password in exchange for free chocolate. What a stupid and flawed study.
[ link to this | view in chronology ]
Alimas, 17 Apr 2008 @ 7:33am

Not enough info
That article isn't really surrendering enough information on how the study was done to be able to garner its validity.
[ link to this | view in chronology ]
George Costanza, 17 Apr 2008 @ 12:03pm

Bosco
[ link to this | view in chronology ]
pony, 18 Apr 2008 @ 2:38am

my password is ********, now wheres my chocolate
[ link to this | view in chronology ]
Giengus, 25 Apr 2008 @ 7:35am

Stop I'm About To Pee My Pants
Oh, you want a legit password? OK, here it is. Hand over the SSD with Porn now! Thank you. BTW, that password I gave you? Yeah I'm changing it now.
[ link to this | view in chronology ]