November 26th, 2003, 05:28 PM
#1
What's your password?
I am researching common Social Engineering practices to support a proposed change to my company's AUP. One reply I received, from a programmer I haven’t talked to since my college days, is listed below. Even though this is published in Tech humor, please remember that no matter how tight your security is – a user can set you back months with a simple statement.
This is my friend’s story:
Years ago, as an IT consultant, I was assigned to write and install a mortgage application program for this local bank.
When the client software was ready, I make an appointment to install it on 30 machines at the bank's main branch and on the appointed day, I go to the bank lobby and walk up to a teller.
"I'm the computer guy and need to install a mortgage application for the finance department".
The teller points me to a security guard. "I'm the computer guy and need to install a mortgage application for the finance department".
The guard directs me to the finance department on the second floor. At the first occupied desk I again say, "I'm the computer guy and need to install a program on your PC. May I have your password?"
And at all 30 desks, without fail, the employees tell me their passwords and turn their PCs over to me-- without asking for identification or even my full name.
When I’m finished with the install, I ask to speak with whoever is responsible for security.
The V.P. in charge calls me to his office and I say, "I just walked into the bank and not a single person asked me my name, company or for any identification". "And every single person freely gave me their password. All I had to say was 'I'm the computer guy and need to install a program on your PC. May I have your password'?"
"Well, they may have given you their password," VP says, "but you don't know our system and wouldn't be able to access anything confidential."
"Let me demonstrate how easily I can access confidential information on your computer. I just need your password."
Minutes later, after I closed my personal account at the bank from the VP's computer, I turn to walk out the door.
"But how were you able to figure out our system so quickly?" asks the VP.
Simple, "Because I'm the computer guy!"
Months later the VP's password and username were still the same!