Please don't shoot the messenger.

According to Infosecurity Europe, 10% of men -- but 45% of women -- were willing to give personally identifiable information to a complete stranger when approached outside Liverpool Street Station in London.

But, wait, it gets worse: The fake researchers asking for the information were offering chocolate bars as an incentive to participate.

The press release is dated April 16, so I'm thinking it's unlikely to be an April Fools joke. There was some good news, however:

This year's survey results were significantly better than previous years. In 2007 64% of people were prepared to give away their passwords for a chocolate bar, this year it had dropped to just 21% so at last the message is getting through to be more infosecurity savvy. The researchers also asked the office workers for their dates of birth to validate that they had carried out the survey; here the workers were very naïve with 61% revealing their date of birth. Another slightly worrying fact discovered by researchers is that over half of people questioned use the same password for everything (e.g. work, banking, web, etc.)

I know what you're thinking: No surprise there. Nor here.

Workers were also queried about their use of passwords at work, half said that they knew their colleagues passwords and when asked if they would give their passwords to someone who phoned and said they were from the IT department, 58% said they would. Researchers also asked workers if they thought other people in their company knew their CEO's password. Thirty-five percent of them thought that someone else did with personal assistants and IT staff being the most likely suspects.

This type of ruse has been perpetrated before, of course, as in this example featuring the Internal Revenue Service (bet they're both distracted and vulnerable this week). Nevertheless, it's always striking to see exactly how much additional work needs to be done before the average Joe and Josephine will become more guarded about this stuff.