Over 55-year-olds pick better Internet passwords

An analysis of nearly 70 million online accounts shows how bad most people are at creating secure passwords.
Written by Tuan Nguyen, Contributor

So much for the notion of younger people being more web-savvy. The typical web internet user over the age of 55 picks passwords that are two times stronger than the under-25 set, according to a security analysis of nearly 70 million Yahoo! users.

Joseph Bonneau, a computer scientist at the University of Cambridge, conducted the research, which turned up a few other perhaps surprising findings. For instance, a worldwide comparison of nations showed that Germans and Koreans tended to have the strongest passwords. Indonesians chose the weakest. Vietnamese and Italians also used weak passwords. But not surprisingly, people who changed their password from time to time tend to select the strongest ones. The study's results were presented at the Symposium on Security and Privacy in San Francisco, California, on 23 May.

So this would suggest that, in essence, an older German person would have the most uncrackable password right? Well even so, the news overall wasn't good. The analysis showed that people's passwords usually had less than 10 bits of online security protection, which means that as few as 1,000 attempts was all that's needed to hack into a user's account. More troubling was the fact that those with a credit card stored on their account did little to bolster protection beyond avoiding weak passwords such as "123456," according to New Scientist.

“The most troubling finding of our study is how little password distributions seem to vary … with effective security varying by no more than a few bits,” Bonneau wrote.

To calculate password strength, Bonneau used a technique called hashing, which, similar to encryption, masks the users original password. He believes his approach offers more of a real-world scenario because often times "maybe an attacker is happy to only break one per cent of accounts they have access to, or 50 or even 90 per cent," he says.

His solution: Give people randomly chosen nine-digit numbers since even a combination chosen at random would be 1,000 times more secure against every type of attack.

Personally, I think that people tend to pick less-secure passwords because simple patterns and important dates are a lot easier to commit to memory than a completely random combination. Hence the dilemma: How do you create a strong password password that you can recall easily?

For that, check out my post on "How to create an easy-to-remember, ultra-secure password."

(via New Scientist)


The latest on security and privacy:

This post was originally published on Smartplanet.com

Editorial standards