The vast majority of Americans are all too willing to give up private information that could be used to guess online account names and passwords, a security firm said Monday, showing that the threat of identity theft hasn't yet sunk in.

RSA Security lured consumers with a bogus survey on New York City tourism and the promise of gift certificates. Official-looking pollsters in the city's Central Park asked questions ranging from the mundane -- "Is this your first visit to New York City?" -- to the personal -- "What's your mother's maiden name?" -- to duplicate how phishing attacks dupe users with real logos and industry lingo.

More than 70 percent of those polled gave up their mother's maiden name -- a potential goldmine, since it's often used to confirm identities or demanded in a password reset -- while over 90 percent handed over their place and date of birth. More than half told the pollsters how they come up with online passwords.

"A lot of personal information actually functions like a password and, as such, needs to be robustly protected," said Chris Young, vice president of consumer authentication at RSA in a statement. "With a bit of sleuthing, motivated phishers can guess a password by having [a victim's] address and trying combinations that assume he's a fan [of a particular sports team]. Our survey reminds us that we all need to be more aware of such vulnerabilities, and take precautions."

Young advised consumers to keep all aspects of their password-creation methodology, as well as all personal information, as secret as possible. He also recommended that users rely on a variety of passwords, not the same one for all accounts or access.