A study conducted in a college situated in Philipines indicated that students who score higher grades are equally poor at keeping strong passwords as the students who bag lower grades.
The research activity was based on the set new guidelines rolled out by National Institute of Standards and Technology to choose a secure password.
In this study, Asia Pacific College (APC) collected data from students by using a pre-existing research infrastructure facility known as PWR (Password Research).
This facility provided data comprising the names of students along with a pointer marked as “Compromised” and the pointer can have two only values: “TRUE” and “FALSE.”
Here, TRUE denotes that the password used by a particular student already exists in the list compiled by Troy Hunt, the famous web security expert.
For the uninitiated, this list is a compilation of 320 million passwords that have been previously breached and are considered unsafe. And, “FALSE” means that the password is safe and is not found in the list.
Next step in the study involved hooking up the student’s name and pointer with the GPA’s obtained by them. A Lookup table is used for relating the values of pointers with GPAs.
The resultant list had names of students (hashed to maintain anonymity), TRUE or FALSE values and their corresponding GPAs.
When this list was sorted according to GPA, results revealed that percentage of students using leaked passwords does not vary much in terms of GPA.
The percentage varied slightly in the range of 12.82% to 19.83%. Refer the table given below for a detailed report.
It was also found that many students preferred long passwords and the average characters per password is 11.2. More than 98% of the observed students used passwords having 8 or more characters, 50% used passwords with characters equal to or above 10, while 25% subjects used at least 12 characters in their passwords.
However, the study is inconclusive as it is foolish to consider GPAs as a parameter for ‘Smartness’ or ‘Intelligence’. But we can conclude that studious students are not necessarily better than average ones when we are talking about creating safe passwords.