20/04/2004 - Headlines - Security
No I shouldn't really... oh well OK then!
UK workers continue to show scant regard for password security, although the message appears to be getting through to some, according to the latest survey published today. Last year, 90% of commuters stopped on the way to work were willing to tell researchers what their password was in exchange for a cheap pen.
This year, a chocolate bar was all that was needed to encourage 71% of London office workers to give up vital computer security information.
The study was the third annual survey into password security to be carried out as part of the Infosecurity Europe event, which takes place at Olympia in London next week (27 to 29 April).
Office workers arriving at Liverpool Street railway station were asked a series of questions, including 'what is your password?', to which 37% immediately gave away the answer. If they refused, researchers used what they called "social engineering tactics" to dupe workers into revealing the required information - for example by saying 'I bet it's to do with your pet or child's name'. A further 34% revealed their passwords following this approach.
It's only 'admin'
The most common categories of password were family names such as partners or children (15%), followed by football teams (11%), and pets (8%). However, by far the most commonly used password overall was "admin".
Despite an apparent lack of concern over password security, office workers said they would be slightly more wary if asked for their password by someone claiming to be from the IT department. According to the study, just over half (53%) said they would not provide their password under these circumstances.
A spokesman for Infosecurity 2004 commented: "That still left just under half of workers vulnerable to social engineering techniques, which are often used by hackers to gain access to systems."
The study also revealed that password security was poor between colleagues, with four out of 10 knowing their co-workers' passwords and 55% confirming that they would give their password to their boss, if asked.
Two thirds of workers used the same password for personal access - such as online banking, website access and email - despite the fact that this could make them more vulnerable to financial fraud or identity theft, according to the researchers.
A smarter way?
Most passwords were changed on a monthly basis (51%). One in ten were revised each quarter, whereas 13% were "rarely changed" and 20% were "never changed". Many of those questioned who were forced to regularly alter their passwords said that they wrote them down on pieces of paper and kept them in their desks, or stored them in documents on their computer.
Interestingly, as many as 80% of office workers said that they were "fed up" with using passwords and 92% claimed they would rather log on using biometric technology such as fingerprint and iris scanners, or by using smart cards or tokens.
This was also the case with personal access, with 86% telling researchers that biometric or smart card technology would encourage them to use services such as online banking.
Claire Sellick, event director for Infosecurity Europe 2004, commented: "This survey proves people are still not as aware as they could be about information security. This often comes down to poor training and procedures.
"Employers should make sure that their employees are aware of information security policies and that they are kept up-to-date."
Johnny Thomson
