A group of researchers from The University of Bonn has found that computer science students need to be explicitly told to employ important password security measures. This research carried out by the German academics found that without prompting, the programmers didn’t feel the need to store the passwords securely.
The programmers that took part in the research were hired from Freelancer.com. The researchers asked 260 Java coders to create a user registration system for a fake social network. Out of 260, only 43 accepted the job.
For the study, the programmers were divided into two groups: one half was paid €100; the other half was paid €200. This was done to see if higher pay made any difference in the password security implementation.
These groups were further divided into two parts and one group wasn’t given any instructions regarding storing the password security.
Surprisingly, out of 43, 18 programmers stored the passwords in plaintext and they were asked to resubmit their code. Out of 18, 15 coders were from the group that wasn’t given any instructions regarding passwords.
The study also found that the programmers often used encryption and hashing as synonyms, and they copied the code from the internet to develop a secure system from scratch.
This result shows that password security isn’t a primary concern of the programmers when working on a project. It’s worth noting that this study is a continuation of a couple of past studies carried out using students as subjects and the professionals don’t seem to be any better.
