Revealing your passwords at the video shop.

On Thursday night a friend and I were at the video shop. When we got to the counter we were asked for the password on the account. My friend tried one password and that was incorrect. They then tried three or four other passwords and those were also incorrect. In the end it was a trick question; the guy at the counter was just testing.

It occurs to me that this is a brilliant user engineering attack for hackers. Get a job as a video store clerk, then get users to reveal a range of their passwords. You already have all their other details on file, such as their address and date of birth, and even the video preferences might be quite revealing.

What do you think the chances are of one of those passwords being for something valuable like a work user account, bank login, or eBay account? I’d say high for a lot of people struggling to keep track of multiple passwords in the digital age.

5 thoughts on “Revealing your passwords at the video shop.”

  1. Darren Neimke

    LOL, so true. I don’t even know why they have passwords. I can never remember mine and so trips to the video store almost always result in ‘them telling me’ my own password!

  2. Jason Stangroome

    Mitch,

    It’s for this reason the password I use for the video store is not used for anything else.

    I’m equally amazed when someone is placing a phone order and reads their credit card details out with lots of people about. What stops a passerby from writing it down?

    Regards,


    Jason

  3. Al

    Nowhere near enough people are aware of the security implications; hence phishing attacks and the like I suppose.

    I think it’d be an excellent educational exercise to start informing people that they need different levels of passwords, ala things that they’ll give out freely to a video shop versus things that they absolutely won’t provide to things such as bank accounts.

  4. Will

    Yeah, there’s plenty of these social engineering tricks.

    I actually worked at a company where we were calling customers and asking them to give out their DOB and account password to ‘verify your identity’ before discussing information about their account.

    It was all quite legitimate, but none of the managers could understand why I was saying this was a bad idea. Out of the hundreds of calls made per day, I’d estimate only about one a month would actually refuse to provide that information on request. I honestly would not be surprised by the amount of information you could get people to supply.

  5. Daniel Ben-Sefer

    What about when you call Westpac (or other institution) for support and they ask you for your 8 digit customer number followed by your three digit access code? They are always surprised when I tell them that I do not want to give it to them as ‘somebody might be listening’.
