Young people pick terrible passwords compared to their elders

In most cases, the only thing protecting your important data on the web from an intruder is a single password. Even worse, most people use simple passwords like ‘password’ and ‘123456’ to protect their email and bank accounts.

Joseph Bonneau, a computer scientist at Cambridge University, was able to examine 70 million hashed passwords that Yahoo! provided him and concluded that password complexity increases as the age of the user increases.  While strength between ages 13-34 were roughly the same, there’s a noticeable increase in the 35-44 demographic and an even higher increase in the 45-54 and 55+ demographics.

Bonneau also analyzed password strength based on language preference and found that while most languages were roughly the same, users who selected German or Korean as their primary language had passwords that were significantly more complex than average. On the flipside, users who selected Indonesian as their language were significantly weaker. The author did not provide an explanation for the differences.

Another interesting tidbit from the research is that women tend to pick slightly more difficult passwords than men do.

One of the big concerns is the fact that users who store credit card information within the site have only marginally more secure passwords. This means that attackers could have easy access to stolen credit card information.

The study is an interesting analysis on password strength and we hope that it will remind users to not only create more difficult passwords to protect your private information but to also change your password on a somewhat regular basis.

Source: Cambridge University/Joseph Bonneau

Report a problem with article
Previous Story

HP Discover: Topics we'll be exploring

Next Story

DHS issues warning about Flame malware in the US

31 Comments

Commenting is disabled on this article.

Young people - almost all of them have Attention Deficit Disorder and are responsible for causing the massive dumbing down of computing.

xpclient said,
Young people - almost all of them have Attention Deficit Disorder and are responsible for causing the massive dumbing down of computing.

ADD/ADHD are diagnosed so useless parents don't have to be strict with their kids.

"Oh, he has ADD/ADHD"
"No, smack the kids ****ing ass when it does the wrong thing love"

Passwords these days are getting way too complex for it to be secure and remember, hence the reason why we use password managers. Am I right? Lols

whats the point of keeping strong passwords when most of the time attackers target the verification process itself or the service itself to steal mass data rather than targeting individuals for single account access !!!

aristofeles said,

Multiple word passwords are great assuming they don't limit how long your password can be. An alternative to this can be a long sentence that you use just to first letter of some of the words. So instead of "correct horse batter staple" it could be "ch battery s" which keeps it within the 12 to 15 character limit many sites impose needlessly.

Some older folk get "IT Guys" in to help them setup things such as online banking / email accounts, and its these "IT Guys" that usually set a secure password for them i reckon.

That's what i do anyway, even if they want elizabeth1 as a password, i will tell them no, they need a more secure one

Shikaka said,
Some older folk get "IT Guys" in to help them setup things such as online banking / email accounts, and its these "IT Guys" that usually set a secure password for them i reckon.

That's what i do anyway, even if they want elizabeth1 as a password, i will tell them no, they need a more secure one

When I started work at a job years ago, two of us started the same day. The IT guy said to me, "your password is horse" and then to the guy standing next to me, "your password is pony". Not all IT guys understand complex passwords.

Daniel_Pooh said,
HOW DO THEY ****IN KNOW OUR PASSWORDS!!?

"70 million hashed passwords that Yahoo! provided him". The passwords were not in clear text, but hashed. That guy would have applied the same hashing algorithm to simple passwords such as "password" and match the hashed value with the list he got from Yahoo.

These are the main reasons:

1. First, the older the people, the more "sensitive data" they will have, and will want to protect it no matter what.

2. Second, the younger you are the more carefree you are; no one is thinking that can be hacked. One lives within a bubble, until it bursts and you realize "life".

3. The younger you are these days, the more interactive you are with tech stuff. Much of this stuff requires server interaction, hence a password for identification. Inputting simple passwords is the best way to prevent forgetting things.

4. People do not value the information they possess so they give very little importance to it.

Young people these days sadly seem to pick a lot of bad things in most aspects of their lives... they're not as bright as they used to be because they dont get to use their minds as much as kids used to where technology was more limited.

My passwords used to be really complex. I remember waking up one Monday morning (September 8th, 2008) and attempting to log on to my LSE TradElect account.

Another time, I saw this really funny YouTube video which I wanted to comment on and share. So I logged in, commented, and posted a Facebook and Twitter update. The next morning, the FBI, NSA and Interpol showed up, blindfolded me, took me to a warehouse, and waterboarded me for several hours. I think they said something about buffer overflow and redirecting sensitive US internet traffic to China, but I can't really remember. I was too preoccupied trying NOT to drown.

Today, most of my passwords are simple like Pa$$word1 (not the one on Neowin though)

well I kind of disagree, but I guess only one wont break the norm.

I have 3 passwords, depending on the security. low medium high. the two higher ones have 10+digits, all random, and took quite a while to memorize... xD

sexypepperoni said,
My passwords are so complex, in order to login to websites I have to reset the password every time.

Pretty much this, which is why I hate when my cookies break on a certain site for whatever reason.

sexypepperoni said,
My passwords are so complex, in older to login to websites I have to reset the password every time.

Funny! We all know you use a password manager like lastpass or roboform.

sexypepperoni said,
My passwords are so complex, in older to login to websites I have to reset the password every time.

Look into KeyPass, LastPass or the multitude of other password keepers. LastPass works on almost every platform. Also, I believe LastPass works with keyfobs for added protection.

If you're using Chrome, you can see all of your stored passwords if you happen to forget one.

warwagon said,

Funny! We all know you use a password manager like lastpass or roboform.

Nah, if I can't remember my password, nobody can crack them!

sexypepperoni said,

Nah, if I can't remember my password, nobody can crack them!

That's actually completely wrong. Whether you remember your password or not is irrelevant to its strength vs an attack to guess it. You're probably aware of this but I'm just saying it in case someone reads that and takes it at face value.

monomellow said,
Always a combination of numbers, uppercase, lowercase, symbols.

It is too bad that many sites don't allow complex passwords. Often times trying to use symbols will get a password rejected. And if not, they have 3 symbols to pick from.

My password is so incredibly complex. But I never use a random assortment of characters, because those are very difficult to memorize.