Mar 21 2012

The First Rule of Security: Do Not Talk About Your Password

Tripwire tests RSA conference goers on this basic tenet of IT security.

The first rule of info security: You do not share your password

The second rule of info security: You do not share your password

Forgive the homage to Brad Pitt's character from Fight Club, but sometimes an important message just can't be repeated often enough.

One of the easiest ways for criminals and hackers to get what they want from users is to simply ask for it. At least that’s the approach that David Spark of Tripwire took as he went up to attendees at the RSA Conference and asked them to supply him with their password.

Most respondents rightfully balked at such foolishness, but a few actually revealed what their passwords were without saying the actual password. For example, one attendee said her password was her dad’s birthday. Great, so now all a hacker needs to do is look her up on Facebook, follow the link to her dad, who very likely is listed on her page as her father, and check out the birthday info on his profile. Easy, breezy, breached.

Others laughingly said silly passwords like “password1,” but don’t laugh too hard. “Password” was actually the most successfully hacked password of 2011, so even if these RSA attendees aren’t actually using this predictable password, far too many other people are.

Watch the video from Tripwire below: