This article is more than 1 year old
Bombshell discovery: When it comes to passwords, the smarter students have it figured
If by 'smart' you mean one who 'gets good grades'
Students who get good grades have better passwords than their less academically successful peers, though this finding should be considered alongside several caveats.
JV Roig, consulting director and software developer at Asia Pacific College (APC) in the Philippines, wanted to find out whether school smarts had any bearing on password quality.
So he compared security researcher Troy Hunt's Have I Been Pwned? data, a list of 320 million exposed password hashes, with password hashes from APC's 1,252 students.
It turns out that 215 of the student password hashes had a match in Hunt's database. This indicates that they were using unsafe passwords that had been compromised at some point in time over the past few years.
Roig then grouped the students by GPA to determine whether those with higher GPAs would have fewer compromised passwords.
And indeed, there was some correlation.
Password re-use is dangerous, right? So what about stopping it with password-sharing?
READ MORE"...If we only take into account students with a GPA of at least 3.5, only 12.82 per cent of them use compromised passwords, which compares favorably to the population average of 17.17 per cent," Roig wrote in a research paper posted to ArXiv on Wednesday. "Looking at students with a minimum GPA of 3.0 results in 15.29 per cent compromised passwords, which is significantly closer to the population average."
Roig concludes that the academically inclined do seem to have better passwords than peers who don't score as well in school.
But he cautions that GPA isn't necessarily a measure of intelligence, that a password can be absent from Hunt's dataset and still be weak and that the sample population used for this study may be too small to conclude anything and may be biased in some way.
"This shouldn’t be taken as the end-all or be-all of whether smarter people have better passwords, but merely one interesting data point in what could be an interesting series of further experiments," he said. ®