
It's official, Corporate Passwords Are Cheap - voodoochilo
https://www.net-security.org/secworld.php?id=12710
======
planb
I would guess most employees even give away their passwords for free, by just
using the same one for every account they sign up for - you would just need to
guess the correct username for their corporate account...

~~~
TazeTSchnitzel
Which is likely to be their name, following the same format as other corporate
accounts.

------
JosephRedfern
I think it's important to note the difference between giving away your
password, and allowing others to access your information. I'd give someone my
password for £10 if I could instantly change it to something else - But it
would take a heck of a lot more for me to allow someone to access my files &
identity.

~~~
ShabbyDoo
Yes. The article didn't mention whether the identity of the seller would be
sold as well. Knowing that a person exists in the world whose corporate
password is "FuzzieBunn1" isn't a terribly useful piece of information.
Furthermore, did survey participants perceive that there might be some risk of
being caught selling access to one's company? In most countries, doing so must
be a crime of some sort. In general, I'm skeptical of the survey.

------
zipdog
The poll numbers are pretty meaningless without some further info or
breakdowns. How many of these are Tesco/Walmart employees? Or at companies
with card swipe entrances? I'm not saying someone couldn't use a password in
that scenario beneficially, but it changes the dynamic compared to a VPN
password for someone with the authority to approve large transactions.

I'd mostly guess that no-one is offering to sell a (to them) meaningful
business password on the cheap, but perhaps they underestimate what could be
done with it. Or perhaps they see their IT or building infrastructure as
sufficient to catch unauthorized people standing at the tills, or at desks
(and they may be underestimating again how straightforward it can be)

------
devicenull
The "survey" was apparently paid for by a company that does corporate identity
management. Is it any surprise they got the results that would motivate people
to buy their product?

------
neilwillgettoit
solution: log in via Facebook for corporate.

