It's silly -- and sexist -- season again, as a European security conference lets us know, as it does every year, just how easy it is to acquire passwords from workers. Namely, how many passwords can you get in exchange for a bit of chocolate?Infosecurity Europe 2008, being held April 22-24 in London, offers a "survey" of close to 600 office workers -- cornered outside a tube station -- each asked to fill out a form, which included the request for their password, in exchange for a candy bar.

Breaking this year's news with the (one assumes deliberately) provocative headline, Women 4 times more likely than men to give passwords for chocolate , Infosecurity found this year's results actually dramatically better than previous years.

While "45% of women versus 10% of men [were]prepared to give away their password, to strangers masquerading as market researches [sic] with the lure of a chocolate bar as an incentive for filling in the survey," only 21 percent of the 576 respondents were willing to surrender their password, down from over 60 percent last year.

And that, in turn was down from 2004, when three-quarters of the people "surveyed" were willing to share their passwords.

Whether or not the improvement is a result of better security education -- or just the result of the amount of publicity the password for chocolate survey has received over the years is hard to say.

And of course the bigger problem is password availability that doesn't require a chocolate bar at all. More than half of the respondents to the false survey said they would reveal their password over the phone if the caller claimed to be from the IT department.

I wonder how such a sweet-cheat survey would work here, considering the generally held belief that European chocolate bars are better, and perhaps more pasword persuasive, than American.