Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Thursday May 17 2018, @04:12PM   Printer-friendly
from the check-the-code-on-my-luggage dept.

Submitted via IRC for Fnord666

A study carried out at a college in the Philippines shows that students with better grades use bad passwords in the same proportion as students with bad ones.

The study's focused around a new rule added to the National Institute of Standards and Technology (NIST) guideline for choosing secure passwords —added in its 2017 edition.

The NIST recommendation was that websites check if a user's supplied password was compromised before by verifying if the password is also listed in previous public breaches.

If the password is included in previous breaches, the website is to consider the password insecure because all of these exposed passwords have most likely been added to even the most basic password-guessing brute-forcing tools.

What researchers from the Asia Pacific College (APC) have done was to take their students' email addresses associated with school accounts and check and see if the students' passwords had been leaked in previous breaches, correlating the final results with their GPA (grade point average).

All data such as names and passwords were hashed to protect students' privacy and personal information. Researchers checked students' passwords against a massive list of over 320 million passwords exposed in previous breaches and collected by Australian security researcher Troy Hunt, maintainer of the Have I Been Pwned service.

The results showed similar percentages of students across the GPA spectrum that were using previously exposed passwords —considered weak passwords and a big no-no in NIST's eyes.

Percentages varied from 12.82% to 19.83%, which is an inconclusive result to show a clear differentiation between the password practices of "smarter" kids when compared to the rest.

Source: https://www.bleepingcomputer.com/news/security/smarter-people-don-t-have-better-passwords-study-finds/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by frojack on Thursday May 17 2018, @07:19PM (2 children)

    by frojack (1554) on Thursday May 17 2018, @07:19PM (#680846) Journal

    Actually, you are lucky you remained employed there long enough to run the cracker a second time.
    What you did was probably a crime, even back then. It would have been a crime in the State I was located in at that time.

    That cracker can crack a password does not necessarily make it a bad password, it just means you have too much time at your disposal.
    Firing offense at the least.

    --
    No, you are mistaken. I've always had this sig.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by Snotnose on Thursday May 17 2018, @08:25PM (1 child)

    by Snotnose (1623) on Thursday May 17 2018, @08:25PM (#680870)

    First off, I was the sysadmin with responsibility to keep the network running and safe. Second, management knew I was running it.

    --
    Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.
    • (Score: 0) by Anonymous Coward on Friday May 18 2018, @12:02AM

      by Anonymous Coward on Friday May 18 2018, @12:02AM (#680937)

      And third, it's only illegal if you gain unauthorized access. Simply cracking a password isn't illegal. Using it without permission is.