Workers were asked a series of questions which included what is your password, to which 37% immediately gave their password, if they initially refused the researchers used social engineering tactics, “I bet it’s to do with your pet or child’s name”, at this a further 34%revealed their passwords. Of the 172 office workers surveyed many explained the origin of their passwords, such as “my team – Spurs”, „“my name – Charlie”, ”my car – minicooper““, „“my cat’s name – Tinks”. The most common password categories were family names such as partners or children (15%), followed by football teams (11%), and pets (8%), the most common password was “admin”. One interviewee said, “I work in a financial call centre, our password changes daily, but I do not have a problem remembering it as it is written on the board so that every one can see it.” What everyone, our stunned researcher asked? “Yes, although I think they rub it off before the cleaners arrive”, replied the worker. When asked if they would give their password to someone calling from the IT department, they were slightly more wary with only 53% saying that they would not give their password as it could cause a security breach. That still left just under half of workers vulnerable to social engineering techniques, which are often used by hackers to gain access to systems, they often pretend to be calling from the IT department and requesting a user’s log on and password to “resolve a network problem”. Password security was also not good between colleagues as 4 out of 10 knew their colleagues’ passwords and 55% said that they would give their password to their boss. One man said that we use 10 different systems a day, so we all use the same passwords for each one so that we can remind each other if we forget. In addition to using their password to gain access to their company information two thirds of workers use the same password for personal access such as online banking, website access, etc. Using just one password could make them more vulnerable to financial fraud or even identity theft. Eighty percent of workers were fed up with using passwords and 92% said that they would rather be able to log on using biometric technology such as fingerprint and iris scanners, or be able to log on using smartcards or tokens. When asked whether they would feel happier using internet banking if their bank provided biometric and smart card technology to verify their identity, 86% of workers said that this would make them feel safer, and most of them said that it would also encourage them to use online banking as they felt it would make their information more secure. www.infosec.co.uk