Discussion:
[CM] study: no correlation between intelligence and password strength
(too old to reply)
RS Wood
2018-05-17 11:59:16 UTC
Permalink
Raw Message
From the «you be me, i'll be you» department:
Title: Smarter People Don't Have Better Passwords, Study Finds
Author: ***@slashdot.org
Date: Tue, 15 May 2018 17:41:00 -0400
Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KtHJcXda-9o/smarter-people-dont-have-better-passwords-study-finds

An anonymous reader shares a report: A study carried out at a college in the
Philippines shows that students with better grades use bad passwords in the
same proportion as students with bad ones. The study's focused around a new
rule added to the National Institute of Standards and Technology (NIST)
guideline for choosing secure passwords -- added in its 2017 edition. The NIST
recommendation was that websites check if a user's supplied password was
compromised before by verifying if the password is also listed in previous
public breaches. If the password is included in previous breaches, the website
is to consider the password insecure because all of these exposed passwords
have most likely been added to even the most basic password-guessing
brute-forcing tools.

[image 2][2][image 4][4][image 6][6]

Read more of this story[7] at Slashdot.
[image 8]

Links:
[1]: http://twitter.com/home?status=Smarter+People+Don't+Have+Better+Passwords%2C+Study+Finds%3A+http%3A%2F%2Fbit.ly%2F2IlW0sE (link)
[2]: Loading Image... (image)
[3]: http://www.facebook.com/sharer.php?u=https%3A%2F%2Ftech.slashdot.org%2Fstory%2F18%2F05%2F15%2F196222%2Fsmarter-people-dont-have-better-passwords-study-finds%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook (link)
[4]: Loading Image... (image)
[5]: http://plus.google.com/share?url=https://tech.slashdot.org/story/18/05/15/196222/smarter-people-dont-have-better-passwords-study-finds?utm_source=slashdot&utm_medium=googleplus (link)
[6]: Loading Image... (image)
[7]: https://tech.slashdot.org/story/18/05/15/196222/smarter-people-dont-have-better-passwords-study-finds?utm_source=rss1.0moreanon&utm_medium=feed (link)
[8]: http://feeds.feedburner.com/~r/Slashdot/slashdot/~4/KtHJcXda-9o (image)
Richard Kettlewell
2018-05-17 12:27:38 UTC
Permalink
Raw Message
Post by RS Wood
An anonymous reader shares a report: A study carried out at a college
in the Philippines shows that students with better grades use bad
passwords in the same proportion as students with bad ones.
The conclusion stated in the study seems to be the opposite.
--
https://www.greenend.org.uk/rjk/
Shadow
2018-05-17 14:23:31 UTC
Permalink
Raw Message
On Thu, 17 May 2018 13:27:38 +0100, Richard Kettlewell
Post by Richard Kettlewell
Post by RS Wood
An anonymous reader shares a report: A study carried out at a college
in the Philippines shows that students with better grades use bad
passwords in the same proportion as students with bad ones.
The conclusion stated in the study seems to be the opposite.
+1

Loading Image...

Maybe they should be testing the interpreter's IQs.
;)
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Paul Sture
2018-05-18 17:43:08 UTC
Permalink
Raw Message
Post by Richard Kettlewell
Post by RS Wood
An anonymous reader shares a report: A study carried out at a college
in the Philippines shows that students with better grades use bad
passwords in the same proportion as students with bad ones.
The conclusion stated in the study seems to be the opposite.
The headline of the article in The Register indicated the opposite:

<https://www.theregister.co.uk/2018/05/10/smart_people_passwords/>

Bombshell discovery: When it comes to passwords, the smarter
students have it figured
If by 'smart' you mean one who 'gets good grades'
--
In a time of drastic change it is the learners who inherit the future.
The learned usually find themselves equipped to live in a world that no
longer exists. –– Eric Hoffer
Paul Sture
2018-05-18 17:54:34 UTC
Permalink
Raw Message
["Followup-To:" header set to comp.misc.]
Post by Paul Sture
Post by Richard Kettlewell
Post by RS Wood
An anonymous reader shares a report: A study carried out at a college
in the Philippines shows that students with better grades use bad
passwords in the same proportion as students with bad ones.
The conclusion stated in the study seems to be the opposite.
<https://www.theregister.co.uk/2018/05/10/smart_people_passwords/>
Bombshell discovery: When it comes to passwords, the smarter
students have it figured
If by 'smart' you mean one who 'gets good grades'
The paper's author joins the discussion in the comments section to
that Register article:

<https://forums.theregister.co.uk/forum/1/2018/05/10/smart_people_passwords/>

If you skip to his last comment at

<https://forums.theregister.co.uk/forum/1/2018/05/10/smart_people_passwords/#c_3512600>

we find what he was trying to prove:

"In the end, repeated experiments and studies (across more
institutions) would likely converge on my original (planned)
conclusion - the reasons for weak passwords are more psychological
than intellectual."
--
In a time of drastic change it is the learners who inherit the future.
The learned usually find themselves equipped to live in a world that no
longer exists. –– Eric Hoffer
Marko Rauhamaa
2018-05-18 18:50:22 UTC
Permalink
Raw Message
Post by Paul Sture
"In the end, repeated experiments and studies (across more
institutions) would likely converge on my original (planned)
conclusion - the reasons for weak passwords are more psychological
than intellectual."
The reason is that passwords are a terrible user interface.

How do I get into the office? By typing a password? No, by waving an
RFID key. That's what I call a good user interface.


Marko
Computer Nerd Kev
2018-05-18 23:25:19 UTC
Permalink
Raw Message
Post by Marko Rauhamaa
Post by Paul Sture
"In the end, repeated experiments and studies (across more
institutions) would likely converge on my original (planned)
conclusion - the reasons for weak passwords are more psychological
than intellectual."
The reason is that passwords are a terrible user interface.
How do I get into the office? By typing a password? No, by waving an
RFID key. That's what I call a good user interface.
For that situation. Imagine if you had to have as many RFID keys as
passwords (I'm assuming, for the same reasons as with passwords,
that you don't want to use the same one for more than one service).
--
__ __
#_ < |\| |< _#
Richard Kettlewell
2018-05-19 07:09:31 UTC
Permalink
Raw Message
Post by Computer Nerd Kev
Post by Marko Rauhamaa
Post by Paul Sture
"In the end, repeated experiments and studies (across more
institutions) would likely converge on my original (planned)
conclusion - the reasons for weak passwords are more psychological
than intellectual."
The reason is that passwords are a terrible user interface.
How do I get into the office? By typing a password? No, by waving an
RFID key. That's what I call a good user interface.
For that situation. Imagine if you had to have as many RFID keys as
passwords (I'm assuming, for the same reasons as with passwords,
that you don't want to use the same one for more than one service).
So your physical token uses asymmetric signatures...
--
https://www.greenend.org.uk/rjk/
Marko Rauhamaa
2018-05-19 08:15:04 UTC
Permalink
Raw Message
Post by Richard Kettlewell
Post by Computer Nerd Kev
Post by Marko Rauhamaa
How do I get into the office? By typing a password? No, by waving an
RFID key. That's what I call a good user interface.
For that situation. Imagine if you had to have as many RFID keys as
passwords (I'm assuming, for the same reasons as with passwords,
that you don't want to use the same one for more than one service).
So your physical token uses asymmetric signatures...
Precisely. There's no security reason to use different identities for
different services. There might be other reasons, and for that you can
have multiple physical keys or a physical key that can assume many
identities.


Marko

Mike Spencer
2018-05-19 01:54:24 UTC
Permalink
Raw Message
Post by RS Wood
Title: Smarter People Don't Have Better Passwords, Study Finds
Date: Tue, 15 May 2018 17:41:00 -0400
Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KtHJcXda-9o/smarter-people-dont-have-better-passwords-study-finds
[snip]
The NIST recommendation was that websites check if a user's supplied
password was compromised before by verifying if the password is also
listed in previous public breaches. If the password is included in
previous breaches, the website is to consider the password insecure
because all of these exposed passwords have most likely been added
to even the most basic password-guessing brute-forcing tools.
Won't that hasten us back to the state emerging from the old joke such
that after applying Rules #1 to #387 governing allowable n-character
passwords, there is only one n-character string that conforms? For all
$BIGNUM users?
--
Mike Spencer Nova Scotia, Canada
Loading...