Hands up who wouldn't make up a password in exchange for a £5 voucher ?

Why on Earth are people still doing these studies? What has been proved - conclusively - by several studies before is that people will quite happily tell a researcher a word that may or may not be their actual password in exchange for a reward.

Hell, I'd be more than happy to tell a researcher that my password was "scr3wball" in return for £5 worth of loot. It's not, of course, but how exactly are they going to know that?

is always the md5 of the site name prepended with P45sw0rd.

Can I have my £5 voucher / chocolate bar please...

Anyone test any of the passwords they got?

So you're saying that 40% of those surveyed are too dim to make up a fake password for a £5 voucher? These alleged surveys keep coming up and the same claims are made, without anyone (from the people doing the survey to the journalists who uncritically reproduce the results) apparently considering that 56.98% of people[1] will tell porkies to get free stuff.

Offer me money/vouchers/chocolate/booze and I'll happily give you lots of passwords. I can't promise that any of them will get you anywhere, but they will be passwords...

Of course, it's quite possible that 78.21%[2] of those handing over passwords were completely silly, and gave real ones, but there's no real way of telling, is there?

[1] I'm sure that figure is right. Somebody did a survey....

[2] There was a survey about that, too. Probably

Yes, I phone up companies and tell them the numbers on this card thing in my wallet, in return they send me free stuff, works everytime.

Right, must rush. I have an appointment with my bank manager at lunch, something about an account being massively overdrawn, whatever that means.

Anonymous Coward:

"Another useless survey just so someone can crunch a few numbers"

Actually it's a cunning plan by Marks and Spencer's to get the newspapers to namecheck them in "serious and hard-hitting" news articles.

See, Reg, they'd stop if you called it a "high street shopping voucher" or something. If they want to advertise here, make them pay *you*, not some spotty student with a clipboard.

Even if lots of people do make up stuff to get the voucher, surely statistically (and i normally hate stats like this), some people WILL give their real details.

Either way, its difficult to find out whether people really would or would not do this, so lets conclude that ALL users are not to be trusted in a companies network. Then provide users with access only where necessary. ... oh wait thats the idea behind network security.

So basically since user x SAYS they will give their password away for a fiver, then you have to assume they would and treat them as such.

... because, frankly, a £5 M&S voucher is damn all use.

Now if it was a bar of chocolate, I'd be happy to give you all the passwords you want.

(Of course whether they're actually the real ones is another matter...)

What is the world coming to? For one thing, it seems every commenter on this site is willing to tell a barefaced lie for a very small benefit, and with no regard to the resulting skewed socialogical and scientific data.

I am even more shocked by the apparent lack of shame regarding this dishonest activity. It is one thing to be dishonest, it is another to brag about it on a public forum and with your real name. Mr. Graham Wood, I hope you are ashamed of yourself.

I missed out - if they asked me, I'd have said my password was tw@dangle !

Mine's the one without the £5 M&S voucher

Look at it another way: anyone who has worked desktop support knows that you can on a variety of server systems reset a user's password to enable the techie to login with their credentials. However, it's a lot easier if the techie simply asks for the user's password then logs in without changing it. Of course, they'll neglect to flag that the password should be changed afterwards...

So what's stopping these techies taking a poke at a little identity theft themselves? Only trust. With that fresh in your mind, ask yourself again: do you really credit over 60% of londoners surveyed with the grey matter to make it all up, or do you think it more likely that they simply were approached on the street and thought "no harm done" when they dished out their password?

I'm betting on an even 50/50 split myself.

Grow a sense of humour ya boring old fart. Never heard of a bit of fun? Obviously the statistics will be skewed and the people conducting the survey aren't idiots. They'll know that people will just be making up a password when it begins with "err" or "erm". Whatever i'd definitely make on up. Nice one Graham Wood!

Honestly, it's completely worthless Symantec PR. Even Paris would no doubt give them a fake password, and surely they must realise that. What's actually strange is that 40% of people didn't bite and tell them a phony password. Here they can have my password - it's IJustMadeThisUpAndItWon'tWorkOnAnyOfMyAccountsOrFiles. Can I have my £5 M&S voucher then please?

The survey is completely flawed of course.

But clearly, there are a lot of people willing to give their Yahoo! or Google password to facebook, in order for it to go and interrogate their address books. And so on for a dozen other social networking sltes. There are lot of very trusting people out there.

I would cheerfully tell someone a false password forming scheme in exchange for an M&S voucher. You can always exchange it for "not just" M&S chocolate and underwear for Paris Hilton.

Argh! Too many virtually identical and off-topic comments!

The real point in this article is the "double standards" issue. It's a point I put to several friends earlier in the year when cases of lost personal data were making the headlines: in general, the average person is careless about account security, whether through using easy passwords and PINs, sharing passwords, letting keyloggers etc. onto their computers (or using web cafés for banking and such), clicking links in phishing e-mails, and so on. Yet they expect to remain blameless for any consequences, or, furthermore, to be bailed out at the expense of their bank (or whoever) when someone steals their money/identity.

I can't believe anyone, even places like the Sun, would 'report' such blatant BS. So I am especially surprised at seeing it here.

Stories like these absolutely infuriate me. I think the only purpose is to give the public an ego boost as they spot the major problems with such a study ??

I agree with Andrew. That I find interesting..

When these companies do "surveys" in order to put out a press release and get their name in the paper, why not go through and change Symantec to "a data security company".

If all media did that, the firms would stop doing it and we'd get more real news.

Keep it up, for the 20% that believe their own data is safe. We've all lost control of our data many times, from addresses or medical records to creditworthiness, and can only hope that those who collect it aren't sheep, black or any other colour.

The double standard observed in the survey is akin to the well documented one of risk-taking. Joe Public accepts high risks under his own control, such as smoking or driving motor cycles. Where he has no control, he objects to much smaller risks, like a vaccine campaign.

The great British public have a collective IQ equivalent to an empty can of salmon!

What more does one expect?