Description
This study attempted to quantify the data breach exposure of students at select universities in Michigan, and to analyze their password creation behavior. A large, 1.4 billion-record corpus of breach data was examined for student email addresses corresponding to eight prominent Michigan universities. Institutions included within this study were: Central Michigan University, Eastern Michigan University, Ferris State University, Michigan State University Northern Michigan University, Western Michigan University, Wayne State University, and University of Michigan. A total of 144,083 email/password records were found, corresponding to 121,215 distinct email addresses. We found that university users more frequently employed password mutation techniques as opposed reuse of identical passwords. Common passwords within each dataset were predictable and often university-centric, however a majority of users employed unique passwords.
