Smarter People Don't Have Better Passwords, Study Finds (bleepingcomputer.com)
An anonymous reader shares a report: A study carried out at a college in the Philippines shows that students with better grades use bad passwords in the same proportion as students with bad ones. The study focused on a new rule added to the National Institute of Standards and Technology (NIST) guideline for choosing secure passwords -- added in its 2017 edition. The NIST recommendation was that websites check if a user's supplied password was compromised before by verifying if the password is also listed in previous public breaches. If the password is included in previous breaches, the website is to consider the password insecure because all of these exposed passwords have most likely been added to even the most basic password-guessing brute-forcing tools.
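The breach check described in the summary, sketched as an added example (not code from the article, the study, or NIST). The function names, the 5-character bucket prefix and the sample breach list are assumptions made for illustration.

```python
import hashlib
import unicodedata

# Constructed sample standing in for a corpus of passwords seen in public breaches.
SAMPLE_BREACHED = ["123456", "password", "qwerty", "iloveyou", "Passw0rd!"]

PREFIX_LEN = 5  # hex characters per bucket; an assumption of this example


def _digest(password: str) -> str:
    # Normalize first so visually identical Unicode input hashes the same way.
    normalized = unicodedata.normalize("NFKC", password)
    # SHA-1 is used only as a lookup key for already-public passwords,
    # never as a way to store a user's own password.
    return hashlib.sha1(normalized.encode("utf-8")).hexdigest().upper()


def build_index(breached):
    """Bucket digests by prefix so the plaintext corpus need not be kept."""
    index = {}
    for pw in breached:
        d = _digest(pw)
        index.setdefault(d[:PREFIX_LEN], set()).add(d[PREFIX_LEN:])
    return index


def is_breached(index, candidate: str) -> bool:
    d = _digest(candidate)
    return d[PREFIX_LEN:] in index.get(d[:PREFIX_LEN], set())


def screen_new_password(index, candidate: str):
    """Return (accepted, reason) for a password chosen at signup or change."""
    if is_breached(index, candidate):
        return False, "appears in a previous public breach; choose another"
    return True, "not found in the breach corpus"


INDEX = build_index(SAMPLE_BREACHED)

if __name__ == "__main__":
    for pw in ["password", "Passw0rd!", "correct horse battery staple"]:
        print(repr(pw), "->", screen_new_password(INDEX, pw))
```

The screen runs when a password is set or changed, so a rejected candidate is never stored.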
Why does this still work? I would think we would have adjusted things years ago so that once a wrong password is tried like, oh, I don't know, say 50 times the account is locked. Or don't allow more than one attempt per second. Something along those lines.
They looked at grades, which is a dubious measurement of intelligence at best.