Analysing real students' passwords and students' passwords characteristics received from a questionnaire

Abstract

Measuring strength of passwords is important in order to ensure the security of password-based authentication. Since passwords are still the most widely used method for authentication, there has been a considerable research on passwords and password strength. Yet, studies related to password still lack of access to plaintext passwords that are created under a specific password policy. Our research explores the connection between real students' passwords used for managing students' university account and students' passwords characteristics received through a questionnaire. The objective of this paper is to explore whether the characteristics of passwords received through a questionnaire are in line with real university passwords. We analyze real students' university passwords, using access to plaintext of these passwords, and compare the results to the ones as reported by students of the Faculty of Tourism and Faculty of electrical engineering and computer science, collected through the questionnaire. We find that there is a significant connection between the reported and the directly analyzed university passwords for the Faculty of Tourism, but no significant connection for the Faculty of electrical engineering and computer science. Our results for the Faculty of electrical engineering and computer science suggest that students' answers to our questionnaire regarding password characteristics are not in-line with actual university passwords collected in plaintext.