Chocolate No Longer As Effective In Separating Men From Their Passwords?

from the fun-with-statistics,-headlines-and-chocolate dept

There are a bunch of headlines today about the fact that people will give up their passwords in exchange for some chocolate, but most of the reports seem to be missing the point. Similar studies have been conducted for years. Four years ago, we saw an almost identical study. Other studies have shown that people will give up their passwords for a ballpoint pen or chance to win theater tickets. None of this really proves very much. The "chocolate" hook is really just for generating headlines. After all, a similar study showed that people would give up private data if you just ask nicely. Chocolate may have nothing to do with it.

In reality, though, the interesting part of this chocolate story is the fact that the number of people who give up their password for chocolate is way down this year compared to the same study last year. Last year 64% gave up their password, whereas this year only 21% did. That's a huge difference, and should make you question the methodology. It certainly sounds like the results could depend very much on how persuasive the questioner is. Hire someone who's a good social engineer, and the numbers go up. For the same reason, I wouldn't give very much credence to the other headline coming out of this study that women are more likely than men to hand over their passwords. Again, without testing it under identical circumstances, it's tough to determine that for sure. A good social engineer will be able to get passwords out of plenty of people, whether using chocolate, a ballpoint pen or just plain sweet talk.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: chocolate, passwords, security, social engineering


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Haywood, 16 Apr 2008 @ 3:16pm

    I'll bet sex still works

    at least on men

    link to this | view in chronology ]

    • identicon
      blacjack, 16 Apr 2008 @ 3:21pm

      Re: I'll bet sex still works

      Nope, we're talking computer folk's not construction works....

      link to this | view in chronology ]

      • identicon
        CVPunk, 16 Apr 2008 @ 3:30pm

        Re: Re: I'll bet sex still works

        Computer folk's?? You mean geeks? so...free porn and a new HDD would probably work?

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 16 Apr 2008 @ 6:21pm

          Re: Re: Re: I'll bet sex still works

          How about a tank of premium gas, or a few bottles of Balvenie?

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 17 Apr 2008 @ 12:07am

          Re: Re: Re: I'll bet sex still works

          LOL HDD...SSD maybe. SSD with porn, ill give you any password you want!

          link to this | view in chronology ]

      • identicon
        Haywood, 16 Apr 2008 @ 3:30pm

        you're right

        With them they only have to have to bat their eyes and let it seem a possibility.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Apr 2008 @ 3:19pm

    I'd be more likeley to give up my password for a women then a women would give up her password for me.

    link to this | view in chronology ]

  • identicon
    Napacab, 16 Apr 2008 @ 3:45pm

    ok

    my password is &$#^)):-)

    link to this | view in chronology ]

  • identicon
    Dave, 16 Apr 2008 @ 3:46pm

    Are you cute?

    I'll show you my password if you show me yours..

    link to this | view in chronology ]

  • identicon
    Jack Sombra, 16 Apr 2008 @ 4:19pm

    "Last year 64% gave up their password, whereas this year only 21% did. That's a huge difference, and should make you question the methodology."
    While i do not deny there are huge questions about the methodology i would be susprised if there was not some kind of large drop. People are slowly but surely becomeing more IT security aware, be it passwords, identity theft or big companys/government losing your data, bearly a day pass's by where their is not something related to these in the news/press.

    People are stupid, but if you repeat something enough times they do eventually learn something and stop falling for the most obvious scams

    But that said a good social engineer will always have a good success rate because they are not so obvious as "hey i will give you some chocolate if you give me your password"

    link to this | view in chronology ]

  • identicon
    Crazy Turk, 16 Apr 2008 @ 4:23pm

    Social Engineering... Just being good at fibbing

    It's amazing how much people are willing to believe and how many people are blindly trusting even to strangers. If your really good at it, you can even get people to believe something that they didn't even believe in the first place or better yet stood against for many many years. It's not just a co-incidence though that the best fibbers also make the best social engineers...

    Hack the Planet... or at least it's people

    link to this | view in chronology ]

  • identicon
    p@55w0rd, 16 Apr 2008 @ 4:24pm

    And how many of those "givenup" passwords were legitimate ?

    link to this | view in chronology ]

  • identicon
    Chad, 16 Apr 2008 @ 4:42pm

    Maybe everyone is just a little smarter with all the credit card fraud, identity theft and similar things that are in the news now. Certain grocery store chains (cough, Hannaford, cough) loosing millions of credit cards #'s and info. to a hacker. Great site by the way, love reading it.

    link to this | view in chronology ]

  • identicon
    Tom The Toe, 16 Apr 2008 @ 5:24pm

    Ha

    I'll give 'em my password. Without the user ID or login name it's still just a word

    link to this | view in chronology ]

  • identicon
    Pete, 16 Apr 2008 @ 6:49pm

    lawl

    link to this | view in chronology ]

  • identicon
    Peter, 16 Apr 2008 @ 11:32pm

    I would give up my password for a new macbook air :-)

    link to this | view in chronology ]

  • identicon
    Rekrul, 17 Apr 2008 @ 1:40am

    First, I'd ask why they wanted the password, then I'd give them a fake one and take the chocolate. Only if it was good chocolate though, if it was Hershey, they can keep it.

    link to this | view in chronology ]

  • identicon
    Ferin, 17 Apr 2008 @ 4:51am

    I've always been curious

    Do they ever check to see if they got a the correct password? Is this just an honor system thing? I mean, I'll give you a password for a chocalate bar, but it sure as hell won't be my real password.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Apr 2008 @ 6:38am

    My password

    Yes... my password is... tater salad

    link to this | view in chronology ]

  • identicon
    ummm, no, 17 Apr 2008 @ 7:02am

    totally rigorous research

    All this tells me is that 21% of people are smart enough to give a researcher a fake password in exchange for free chocolate. What a stupid and flawed study.

    link to this | view in chronology ]

  • identicon
    Alimas, 17 Apr 2008 @ 7:33am

    Not enough info

    That article isn't really surrendering enough information on how the study was done to be able to garner its validity.

    link to this | view in chronology ]

  • identicon
    George Costanza, 17 Apr 2008 @ 12:03pm

    Bosco

    link to this | view in chronology ]

  • identicon
    pony, 18 Apr 2008 @ 2:38am

    my password is ********, now wheres my chocolate

    link to this | view in chronology ]

  • identicon
    Giengus, 25 Apr 2008 @ 7:35am

    Stop I'm About To Pee My Pants

    Oh, you want a legit password? OK, here it is. Hand over the SSD with Porn now! Thank you. BTW, that password I gave you? Yeah I'm changing it now.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.