Security

Geezers Pick Stronger Passwords Than Young'uns 189

Posted by timothy
from the as-many-characters-as-the-post-it-will-hold dept.
McGruber writes "Joseph Bonneau, a computer scientist at the University of Cambridge, calculated the password strengths of nearly 70 million Yahoo! users. He compared the strengths of passwords chosen by different demographic groups and compared the results. People over the age of 55 pick passwords double the strength of those chosen by people under 25 years old." Does this mean that the younger users are more cavalier and naive, or are they simply more cynical about the actual value of strong passwords in the era of large-scale user-database compromises?

  • by jabberwock (10206) on Saturday June 02, 2012 @01:41PM (#40195081) Homepage
    ... the more likely it is that you actually have an identity worth stealing.
  • by mbkennel (97636) on Saturday June 02, 2012 @01:42PM (#40195089)

    If it's at home, somebody needs to break in physically, commit a felony, risk their life, and know to obtain one single password from a monitor.

    Other passwords are compromised in mass dictionary attack and hacking invisibly, in foreign jurisdictions, and never get compromised.

    I have another theory about the results: older people are more responsible.

  • by Anonymous Coward on Saturday June 02, 2012 @01:47PM (#40195107)

    What's really frightening is the implication that Yahoo stores passwords. There's really no justification for ever storing a password unhashed. You'd think Yahoo of all places would have the competence to know that.

  • Re:Memory? (Score:5, Insightful)

    by spire3661 (1038968) on Saturday June 02, 2012 @01:51PM (#40195137) Journal
    Every password I have is written down in a Red & Black notebook in my office at home. If you are clever/powerful enough to get a look at it without my permission, I have bigger problems than worrying about my passwords.
  • young != geek (Score:5, Insightful)

    by tverbeek (457094) on Saturday June 02, 2012 @01:52PM (#40195145) Homepage

    ....or are they simply more cynical about the actual value of strong passwords in the era of large-scale user-database compromises?

    I seriously doubt that most young people (i.e. the ones who aren't tech majors) even understand what this means. Young people appear to be more tech-savvy mostly because they have grown up around it and are not intimidated by it; it isn't because they have an innately better understanding of computer science and follow tech news more closely.

    In fact, that lack of intimidation is also a better explanation of why they choose weaker passwords: they don't take it as seriously as older people, who both have had more (bad) experiences in life to make them more cautious, and are less comfortable with computers out of unfamiliarity.

  • by Gonoff (88518) on Saturday June 02, 2012 @01:54PM (#40195167)

    Younger people are known (by insurers and police anyway) to be prone to driving faster. They seem to work on the principle that nothing bad happens to them.

    Stories of wartime included the 30somethings diving into cover at every event. People 10-15 years younger mocked them.

    With less experience, people do not believe things will happen to them. We older codgers know it does and take precautions.

  • by Anonymous Coward on Saturday June 02, 2012 @01:57PM (#40195181)
    Yeah people who create throwaway yahoo accounts are unlikely to use very strong passwords.

    IIRC there was a time when you had to go through a drop down to select the birth year, and who is going to bother to scroll to geezer age for their throwaway account?
  • by icebike (68054) * on Saturday June 02, 2012 @02:01PM (#40195221)

    Which one is *really* more secure?

    The one written on the monitor obviously.

  • by perpenso (1613749) on Saturday June 02, 2012 @02:21PM (#40195317)

    Older users are more likely to have a Yahoo address as their primary email, etc.

    Real geezers telnet into the server and read their email using MH. If the command line was good enough in 1982, then it is good enough today.

    Joking aside, ssh and pine(*) work really well. If the content of the email is heavily using some sort of markup language and graphics it is probably not an email I need or want. On some days I think ssh/pine would be more efficient than a modern GUI-based client.

    For those unfamiliar with text email clients think of them as twitter without a 140 character limit. ;-)

    (*) Substitute alpine, mutt, whatever if you prefer.

  • by rubycodez (864176) on Saturday June 02, 2012 @02:29PM (#40195351)

    bullshit, I'm half a century old and I ssh or use https in browser with ShellInABox to read my mail with mutt.

    we use stronger passwords because we've been around the block enough times to know there are bad people out there

  • by Presto Vivace (882157) <marshall@prestovivace.biz> on Saturday June 02, 2012 @03:03PM (#40195537) Homepage Journal
    It is just possible that geezers have learned a thing or two.
  • by techno-vampire (666512) on Saturday June 02, 2012 @04:55PM (#40195997) Homepage
    I am by no means young, I'm 31, but am part of a more tech savvy generation.

    I'm twice your age and I've been working/playing with computers for over forty years. In general, I've divided all sites that require passwords into three sets: those that store data that I care about (banks and so on), those that don't (comic strip sites, Slashdot and so on) and those that don't but require "strong" passwords.

    The first set gets strong, unique passwords. For those that Firefox can't store, I have a place on-line to stash them; if you can find and access it, I've got more things to worry about than my passwords. For the second, all of them use the same password, simply to make things easy. After all, there's no way that the software running a blog (let's say) is going to know that you're using the same password for it as you are to sign on to a shopping site. And, the password's obscure enough that nobody who doesn't know me very, very well is ever going to come up with it by guessing, and it's at least as safe from a dictionary attack as any random, unpronounceable word can be. For the third, I have several variations on my standard password to fit various restrictions. Thus, things I don't care about very much are safe from anything except a very determined attack, and those I do are even better protected. Frankly, I'm more concerned about the possibility of my password being picked up by a cracker stealing a password database than by having it guessed.
  • by b4dc0d3r (1268512) on Saturday June 02, 2012 @05:16PM (#40196125)

    You reminded me - I never put my real age. Someone who is tech savvy is likely to have a strong password, as well as keeping other personal info private. Resetting my password involves remembering a fake birthdate, fake mother's maiden name, fake first job, everything is fake.

    If one site gets compromised, that info won't get someone into any other account.

    So one of the assumptions here is that the ages are correct, which is not necessarily the case. For more tech savvy people, it is more likely the age will be incorrect. To me, this study therefore has no value without validating a statistically significant portion of the user data. And if asked, I would say I really was born 25 years earlier than I was.
