A consulting director at Asia Pacific College (APC) in the Philippines decided to match student GPAs against the strength of their passwords. The findings suggest there is some degree of correlation between smarts and good password hygiene.
JV Roig, who is also a software developer in addition to dispensing his consulting expertise, compared the password hashes from APC’s 1,252 students to the database of leaked passwords maintained by the handy Have I Been Pwned? site created by security researcher Troy Hunt. The database holds a whopping 320 million exposed password hashes resulting from various data breaches over the years. The weakest passwords, and implicitly the most common ones, are found there.
Of the 1,252 students, 215 had a match in the database. Roig then looked at the students’ grade point average (GPA) and found that the lower the student’s GPA, the weaker the password and the greater the chance of it being fount in Hunt’s database.
“If we only take into account students with a GPA of at least 3.5, only 12.82 per cent of them use compromised passwords, which compares favorably to the population average of 17.17 per cent,” Roig wrote. “Looking at students with a minimum GPA of 3.0 results in 15.29 per cent compromised passwords, which is significantly closer to the population average.”
Roig thus determined that students with a higher GPA knew better than to use a weak password, versus students with a low GPA. However, he admitted the disparities were small, and the sample group not very large either.
“This shouldn’t be taken as the end-all or be-all of whether smarter people have better passwords, but merely one interesting data point in what could be an interesting series of further experiments,” he said.
It’s also worth noting that the single student who had a lower than 1.5 GPA also happened to use an unsafe password.