The poll was conducted at Liverpool Street Station in London, where the poll-takers masqueraded themselves as market researchers. For the lure of a piece of chocolate, 21 percent of people divulged their passwords with women doing so four times as often. Infosecurity Europe said the survey's results were good, considering last year 64 percent of people gave away their password for chocolate.
Nevertheless, people questioned continued to give out sensitive information that criminals could abuse. Sixty-one percent of those questioned gave out their name and their date of birth.
"Once a criminal has your date of birth, name, and phone number, they are well on their way to carrying out more sophisticated social engineering attacks on you," said Claire Sellick, event director of Infosecurity Europe, "such as pretending to be from your bank or phone company and extracting more valuable information that can be used in ID theft or fraud."
Researchers also discovered that peoples' password use created multiple vulnerabilities as more than half use one password for everything - work, banking, and web, among other things.
When the discussion turned to password security at work, the results weren't much better.
Half said that they know their colleagues passwords and 58 percent said they would divulge their password if someone called them claiming to be from the company's IT department. More than 40 percent of respondents said they rarely, if ever, change their work passwords. Thirty-five percent said someone, likely a personal assistant or the IT department, knew the CEO's password.
Sellick believes these practices could easily allow a criminal access to an organization's sensitive data by infiltrating an office.
"This research shows that it's pretty simple for a perpetrator to gain access to information that is restricted by having a chat around the coffee machine, getting a temporary job as a PA or pretending to be from the IT department," she said. "This type of social engineering technique is often used by hackers, targeting a specific organization with valuable data or assets such as a government department or a bank."