Social Engineering Still Best Way to Crack Security
binaryDigit writes "The Register has an amusing article about a study done in the UK where office workers were asked tricky questions like 'What is your password', and 75% of the respondents answered... They were also asked ethical questions, 'If you found a file with your coworkers' salaries, would you look', 75% would, and 38% would pass the information around! Read on to be both amused (esp. the CEO) and scared."
When I do on-site work, I often have to ask people their passwords. I can't think of one time when anybody refused to tell me. In fact, many make it a point to tell me that they use that password for everything. I still remember most of the passwords, too.
"Ask not for whom the bone bones. It bones for thee." --Bender
Probably well over 50% of users use a common password within the top 10 category. (source silicon.com and Egg (UK bank))
Top 10 list:
1. Blank
2. password.
3. Cartoon(s).
4. Football team or player.
5. Pets.
6. Date of birth.
7. Girlfriend name.
8. Something nasty; words like sex, fu** or prOn.
9. Sci-fi or fantasy (Gandalf, Yoda, etc.).
10. Company name.
Other common alternatives:
-Names of children
-qwerty and asdf
-Same password and login (root and root)
It's sad, but Joe-users are (generally) very ignorant about this problem.
Melius mori in libertate quam vivere in servitute.