Half of employees would sell work passwords for a few bucks

Most companies value their security, with larger organisations spending millions of dollars every year to protect their networks and shield their secrets from the prying eyes of the outside world. But the weakest link in a network is often its users, with administrators and IT professionals across the world wearily working to ensure that the silly mistakes of users don’t have larger repercussions for the broader network infrastructure, or for the companies that they serve.

But even while a multibillion-dollar global industry continues to grow around the need to establish and maintain robust corporate security, a startling new survey has revealed that most employees fail to understand the value of the role that they play in keeping their companies secure.

The Telegraph revealed that cloud security company Ping Identity conducted a survey of British workers and found that 48% of those questioned would reveal their company password for just £5 GBP ($8 USD / €6 EUR) or less, with almost two-thirds of these having no problem revealing their corporate login details for only £1 ($1.60 / €1.20).

While almost half of those employees clearly place very little value on their business login details, a third of those surveyed said they would expect at least £50 ($80 / €60) to reveal their Facebook login details. Ping’s John Fontana noted this as a concern: “The fact that personal identity is being rated higher than corporate identity has worrying implications for the safety of a business’ intellectual property and brand reputation.”

Just 30% of those surveyed were adamant that they would never sell those details for any amount, but a third of all respondents confessed that they had already supplied their corporate login details to a third party.

In addition to staff selling their details for next to nothing, poor security practice is another failing to which respondents admitted, with 60% saying that they had written their passwords down. Last month, we reported on Trustwave’s 2012 Global Security Report, which found that ‘password’ and ‘password1’ were among the world’s most popular passwords currently in use.


23 Comments


Companies deserve the security implications of users writing down their password when they enforce complicated passwords that need to be changed far too frequently and can't be re-used for 2 years +.

Given that I'm in the IT department, my passwords are worth more than most employees'. But I would never sell them, much less for something as valueless as money.

htcz said,
I'd give it up if I was given the amount of my contract times my salary and then some.

You should put that on your resume.

> “The fact that personal identity is being rated higher than corporate identity has worrying implications for the safety of a business' intellectual property and brand reputation.”

It's not just intellectual property, brand loyalty, an employee's privacy or any of that crap that worries me particularly.

It's already been discussed many times that government systems have some of the worst security. Add to that government employees who obviously place no value on their logins, and you end up with a disaster waiting to happen. Picture an IRS employee not giving a **** about your own data.

smithy_dll said,
I'm surprised more companies don't use token based login systems.

You'd be surprised at how expensive that would be. Licenses for the authentication software and hardware for the keyfobs (and replacements) make it an expensive overhead. Plus, you'd get a load more of 'I forgot the password' questions in the morning (aggh).

imachip said,

You'd be surprised at how expensive that would be. Licenses for the authentication software and hardware for the keyfobs (and replacements) make it an expensive overhead. Plus, you'd get a load more of 'I forgot the password' questions in the morning (aggh).


I set up smartcard login on my PC, the smartcard was £15. The smartcard writer was £40. The NHS uses smartcard logins, they use Dell keyboards with readers in them and I bet you they cost a lot compared to a normal keyboard.

Facebook released hmac for PHP on GitHub for free which has a corresponding Android and iPhone app for it, not sure if they're free or not though.

If a company is good to its employees then it creates loyalty. Most companies don't seem to care for the basic employee and it's these people who probably contain most of the company's knowledge and create business. I could never give up any details that had been trusted to me, at the end of the day I will have my morals.

Heh I guess I'm one of those 30% which would never sell their details.

If I was asked at an interview to give my social account login/password, I'd not let them either. Even if that was a deal breaker, I'd walk out.

I guess what shocks me most are those that say they've already supplied their corporate login details to a third party but it would help to actually understand the question asked in that study...

Looks to me like they surveyed the drunks and chavs here if they are willing to sell their passwords for £1-5. Me personally wouldn't sell the security codes to doors and computer systems, just seems stupid to lose your job over something, unless it's something like the council who have loads of computers that are set up with stupid passwords like "letmein" (their job search programs are like that).

As for my Facebook password, sure I'd sell them the passwords to a fake account, not my real one haha. Some people really are dumb if they are willing to give up that information, especially if they have added PayPal/credit card details for their games.

Xoligy said,
Looks to me like they surveyed the drunks and chavs here if they are willing to sell their passwords for £1-5.

You would be surprised... I know plenty of people who have zero company loyalty. They are too ignorant to understand that the information may be used against the company. The ones that understand this don't believe it's their job to protect the company.

I can't think of anything I own or know that I would give away for such little amounts... What are these people making that they value pocket change so much?

So people would be willing to get fired for a few bucks? Most user access authorization forms include a stipulation that says sharing of credentials can result in termination.

Enron said,
So people would be willing to get fired for a few bucks? Most user access authorization forms include a stipulation that says sharing of credentials can result in termination.

It'd be pretty hard to prove. Unless a receipt is involved, one could always say they guessed the password.

Rohdekill said,

It'd be pretty hard to prove. Unless a receipt is involved, one could always say they guessed the password.

And considering that people use words like "password" or "password 1" to lock their systems, one could also add that "guessing" the password was not such a tedious or difficult task...
What is most disturbing for me is the little or no value that people seem to give to their privacy; while I do not justify trading corporate information for "a coffee", the idea that personal ones are worth "a dinner" is even more troublesome.
Not to mention that giving away your FB PW you give away also your friends' data, and doing so you betray the trust they put in you.

If I have to give up my Facebook and Twitter passwords, I don't see why I can't give up my company passwords to those who ask.

Dot Matrix said,
If I have to give up my Facebook and Twitter passwords, I don't see why I can't give up my company passwords to those who ask.

If it were the same company that asked that you had to leak passwords for, eh, I guess... but you'd probably end up the losing party in that whole drama.

In related news, US corps demand your FB password.
I can't say that these are the same corps as tested here, but I bet that said evil doers in the US would have some of so "open" employees, too.
For them I say "karma is a bitch".
Doesn't make it good still, but boy, the irony is intense!

GS:mac

LOL some companies just deserve this. If the company expects the employees to give up their logins during the interview, what makes the company think they wouldn't share similar information about a company.

arclite01 said,
LOL some companies just deserve this. If the company expects the employees to give up their logins during the interview, what makes the company think they wouldn't share similar information about a company.

The FB user/pass scandal was about US corps afaik.
The employees surveyed here are UK residents, so yeah...

Still, see below, there would likely be quite a few in the US, too, who would reveal such information for little money, too.

GS:mac

arclite01 said,
LOL some companies just deserve this. If the company expects the employees to give up their logins during the interview, what makes the company think they wouldn't share similar information about a company.

The funny thing is that you can turn that statement around. If you would give up your company login details for a few bucks, why wouldn't you hand over your Facebook details for a job?