Re: Interesting Research

["Laverty, Patrick" <patrick_laverty () BROWN EDU>]

I would also say to not participate in this research.

If you really want to test whether your students are adhering, then do some
password cracking of the stored hashes. Or at a minimum, hash some really
weak passwords, and compare those hashes to what your students are using.
And if you want to know if some of your students have chosen weak
passwords, the answer is yes. :)



On Tue, Apr 2, 2019 at 4:11 PM King, Ronald A. <raking () nsu edu> wrote:

> Fellow security pros,
>
>
>
> I have an interesting research request come in my inbox today. A
> researcher wants to setup a portal for students to self-register with a
> username and password. The kicker is passwords will be stored in plain text
> and collected. The premise is to gauge whether students are actually
> adhering to suggested practices in password design.
>
>
>
> My first reaction is “(heck) no,” but I realize I may be overreacting. So,
> I decided to see if anyone has dealt with this kind of research and how you
> handled it.
>
>
>
> While I see the value in the research, my security senses tell me students
> will be using their standard password they use for everything. Thus big
> risk.
>
>
>
> Feel free to contact me directly.
>
>
>
> Thank you,
>
> Ron
>
>
>
> *Ronald King*
>
> *Chief Information Security Officer*
>
>
>
> *Office of Information Technology*
>
> (757) 823-2916 (Office)
>
> raking () nsu edu
>
> www.nsu.edu
>
> @NSUCISO (Twitter)
>
> [image: NSU_logo_horiz_tag_4c - Smaller]