Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.misc > #15925 > unrolled thread

[CM] study: no correlation between intelligence and password strength

Back to article view | Back to comp.misc

Contents

  [CM] study: no correlation between intelligence and password strength RS Wood  <rsw@therandymon.com> - 2018-05-17 11:59 +0000
    Re: [CM] study: no correlation between intelligence and password strength Richard Kettlewell <invalid@invalid.invalid> - 2018-05-17 13:27 +0100
      Re: [CM] study: no correlation between intelligence and password strength Shadow <Sh@dow.br> - 2018-05-17 11:23 -0300
      Re: [CM] study: no correlation between intelligence and password strength Paul Sture <nospam@sture.ch> - 2018-05-18 19:43 +0200
        Re: [CM] study: no correlation between intelligence and password strength Paul Sture <nospam@sture.ch> - 2018-05-18 19:54 +0200
          Re: [CM] study: no correlation between intelligence and password strength Marko Rauhamaa <marko@pacujo.net> - 2018-05-18 21:50 +0300
            Re: [CM] study: no correlation between intelligence and password strength not@telling.you.invalid (Computer Nerd Kev) - 2018-05-18 23:25 +0000
              Re: [CM] study: no correlation between intelligence and password strength Richard Kettlewell <invalid@invalid.invalid> - 2018-05-19 08:09 +0100
                Re: [CM] study: no correlation between intelligence and password strength Marko Rauhamaa <marko@pacujo.net> - 2018-05-19 11:15 +0300
    Re: [CM] study: no correlation between intelligence and password strength Mike Spencer <mds@bogus.nodomain.nowhere> - 2018-05-18 22:54 -0300

#15925 — [CM] study: no correlation between intelligence and password strength

From the «you be me, i'll be you» department:
Title: Smarter People Don't Have Better Passwords, Study Finds
Author: help@slashdot.org
Date: Tue, 15 May 2018 17:41:00 -0400
Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KtHJcXda-9o/smarter-people-dont-have-better-passwords-study-finds

An anonymous reader shares a report: A study carried out at a college in the
Philippines shows that students with better grades use bad passwords in the
same proportion as students with bad ones. The study's focused around a new
rule added to the National Institute of Standards and Technology (NIST)
guideline for choosing secure passwords -- added in its 2017 edition. The NIST
recommendation was that websites check if a user's supplied password was
compromised before by verifying if the password is also listed in previous
public breaches. If the password is included in previous breaches, the website
is to consider the password insecure because all of these exposed passwords
have most likely been added to even the most basic password-guessing
brute-forcing tools.

[image 2][2][image 4][4][image 6][6]

Read more of this story[7] at Slashdot.
[image 8]

Links:
[1]: http://twitter.com/home?status=Smarter+People+Don't+Have+Better+Passwords%2C+Study+Finds%3A+http%3A%2F%2Fbit.ly%2F2IlW0sE (link)
[2]: https://a.fsdn.com/sd/twitter_icon_large.png (image)
[3]: http://www.facebook.com/sharer.php?u=https%3A%2F%2Ftech.slashdot.org%2Fstory%2F18%2F05%2F15%2F196222%2Fsmarter-people-dont-have-better-passwords-study-finds%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook (link)
[4]: https://a.fsdn.com/sd/facebook_icon_large.png (image)
[5]: http://plus.google.com/share?url=https://tech.slashdot.org/story/18/05/15/196222/smarter-people-dont-have-better-passwords-study-finds?utm_source=slashdot&utm_medium=googleplus (link)
[6]: https://www.gstatic.com/images/icons/gplus-16.png (image)
[7]: https://tech.slashdot.org/story/18/05/15/196222/smarter-people-dont-have-better-passwords-study-finds?utm_source=rss1.0moreanon&utm_medium=feed (link)
[8]: http://feeds.feedburner.com/~r/Slashdot/slashdot/~4/KtHJcXda-9o (image)

[toc] | [next] | [standalone]

#15926

RS Wood <rsw@therandymon.com> quotes:
> An anonymous reader shares a report: A study carried out at a college
> in the Philippines shows that students with better grades use bad
> passwords in the same proportion as students with bad ones.

The conclusion stated in the study seems to be the opposite.

-- 
https://www.greenend.org.uk/rjk/

[toc] | [prev] | [next] | [standalone]

#15927

On Thu, 17 May 2018 13:27:38 +0100, Richard Kettlewell
<invalid@invalid.invalid> wrote:

>RS Wood <rsw@therandymon.com> quotes:
>> An anonymous reader shares a report: A study carried out at a college
>> in the Philippines shows that students with better grades use bad
>> passwords in the same proportion as students with bad ones.
>
>The conclusion stated in the study seems to be the opposite.

+1

https://www.bleepstatic.com/images/news/u/986406/Research/Passwords-exposed-table.png

Maybe they should be testing the interpreter's IQs.
	;)
	[]'s

	
-- 
Don't be evil - Google 2004
We have a new policy  - Google 2012

[toc] | [prev] | [next] | [standalone]

#15930

On 2018-05-17, Richard Kettlewell <invalid@invalid.invalid> wrote:
> RS Wood <rsw@therandymon.com> quotes:
>> An anonymous reader shares a report: A study carried out at a college
>> in the Philippines shows that students with better grades use bad
>> passwords in the same proportion as students with bad ones.
>
> The conclusion stated in the study seems to be the opposite.
>

The headline of the article in The Register indicated the opposite:

<https://www.theregister.co.uk/2018/05/10/smart_people_passwords/>

    Bombshell discovery: When it comes to passwords, the smarter
    students have it figured
    If by 'smart' you mean one who 'gets good grades'

-- 
In a time of drastic change it is the learners who inherit the future.
The learned usually find themselves equipped to live in a world that no
longer exists.                                           –– Eric Hoffer

[toc] | [prev] | [next] | [standalone]

#15931

["Followup-To:" header set to comp.misc.]
On 2018-05-18, Paul Sture <nospam@sture.ch> wrote:
> On 2018-05-17, Richard Kettlewell <invalid@invalid.invalid> wrote:
>> RS Wood <rsw@therandymon.com> quotes:
>>> An anonymous reader shares a report: A study carried out at a college
>>> in the Philippines shows that students with better grades use bad
>>> passwords in the same proportion as students with bad ones.
>>
>> The conclusion stated in the study seems to be the opposite.
>>
>
> The headline of the article in The Register indicated the opposite:
>
><https://www.theregister.co.uk/2018/05/10/smart_people_passwords/>
>
>     Bombshell discovery: When it comes to passwords, the smarter
>     students have it figured
>     If by 'smart' you mean one who 'gets good grades'

The paper's author joins the discussion in the comments section to
that Register article:

<https://forums.theregister.co.uk/forum/1/2018/05/10/smart_people_passwords/>

If you skip to his last comment at

<https://forums.theregister.co.uk/forum/1/2018/05/10/smart_people_passwords/#c_3512600>

we find what he was trying to prove:

    "In the end, repeated experiments and studies (across more
    institutions) would likely converge on my original (planned)
    conclusion - the reasons for weak passwords are more psychological
    than intellectual."


-- 
In a time of drastic change it is the learners who inherit the future.
The learned usually find themselves equipped to live in a world that no
longer exists.                                           –– Eric Hoffer

[toc] | [prev] | [next] | [standalone]

#15932

Paul Sture <nospam@sture.ch>:
> we find what he was trying to prove:
>
>     "In the end, repeated experiments and studies (across more
>     institutions) would likely converge on my original (planned)
>     conclusion - the reasons for weak passwords are more psychological
>     than intellectual."

The reason is that passwords are a terrible user interface.

How do I get into the office? By typing a password? No, by waving an
RFID key. That's what I call a good user interface.


Marko

[toc] | [prev] | [next] | [standalone]

#15933

Marko Rauhamaa <marko@pacujo.net> wrote:
> Paul Sture <nospam@sture.ch>:
>> we find what he was trying to prove:
>>
>>     "In the end, repeated experiments and studies (across more
>>     institutions) would likely converge on my original (planned)
>>     conclusion - the reasons for weak passwords are more psychological
>>     than intellectual."
> 
> The reason is that passwords are a terrible user interface.
> 
> How do I get into the office? By typing a password? No, by waving an
> RFID key. That's what I call a good user interface.

For that situation. Imagine if you had to have as many RFID keys as
passwords (I'm assuming, for the same reasons as with passwords,
that you don't want to use the same one for more than one service).

-- 
__          __
#_ < |\| |< _#

[toc] | [prev] | [next] | [standalone]

#15936

not@telling.you.invalid (Computer Nerd Kev) writes:
> Marko Rauhamaa <marko@pacujo.net> wrote:
>> Paul Sture <nospam@sture.ch>:
>>> we find what he was trying to prove:
>>>
>>>     "In the end, repeated experiments and studies (across more
>>>     institutions) would likely converge on my original (planned)
>>>     conclusion - the reasons for weak passwords are more psychological
>>>     than intellectual."
>> 
>> The reason is that passwords are a terrible user interface.
>> 
>> How do I get into the office? By typing a password? No, by waving an
>> RFID key. That's what I call a good user interface.
>
> For that situation. Imagine if you had to have as many RFID keys as
> passwords (I'm assuming, for the same reasons as with passwords,
> that you don't want to use the same one for more than one service).

So your physical token uses asymmetric signatures...

-- 
https://www.greenend.org.uk/rjk/

[toc] | [prev] | [next] | [standalone]

#15937

Richard Kettlewell <invalid@invalid.invalid>:
> not@telling.you.invalid (Computer Nerd Kev) writes:
>> Marko Rauhamaa <marko@pacujo.net> wrote:
>>> How do I get into the office? By typing a password? No, by waving an
>>> RFID key. That's what I call a good user interface.
>>
>> For that situation. Imagine if you had to have as many RFID keys as
>> passwords (I'm assuming, for the same reasons as with passwords,
>> that you don't want to use the same one for more than one service).
>
> So your physical token uses asymmetric signatures...

Precisely. There's no security reason to use different identities for
different services. There might be other reasons, and for that you can
have multiple physical keys or a physical key that can assume many
identities.


Marko

[toc] | [prev] | [next] | [standalone]

#15935

RS Wood  <rsw@therandymon.com> writes:

> From the "you be me, i'll be you" department:
> Title: Smarter People Don't Have Better Passwords, Study Finds
> Author: help@slashdot.org
> Date: Tue, 15 May 2018 17:41:00 -0400
> Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KtHJcXda-9o/smarter-people-dont-have-better-passwords-study-finds
> 
> [snip]
>
> The NIST recommendation was that websites check if a user's supplied
> password was compromised before by verifying if the password is also
> listed in previous public breaches. If the password is included in
> previous breaches, the website is to consider the password insecure
> because all of these exposed passwords have most likely been added
> to even the most basic password-guessing brute-forcing tools.

Won't that hasten us back to the state emerging from the old joke such
that after applying Rules #1 to #387 governing allowable n-character
passwords, there is only one n-character string that conforms?  For all
$BIGNUM users?

-- 
Mike Spencer                  Nova Scotia, Canada

[toc] | [prev] | [standalone]

Back to top | Article view | comp.misc

csiph-web