Security?

Now this is how to do a security audit…

More than one-third of Internal Revenue Service employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday.

I know that this is an American story, but it’s really international – I’m quite certain that if an auditor in the UK contacted a department in the same way and posed as a technician then a lot of people would give out their passwords without any checking. I know that they would at my last workplace – I had the passwords of about half the IT team, let alone any of the people in, for example, social services.