Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security The Internet Communications Network Networking Privacy United Kingdom United States Technology

Elderly Use More Secure Passwords Than Millennials, Says Report (qz.com) 153

An anonymous reader writes from a report via Quartz: A report released May 24 by Gigya surveyed 4,000 adults in the U.S. and U.K. and found that 18- to 34-year-olds are more likely to use bad passwords and report their online accounts being compromised. The majority of respondents ages 51 to 69 say they completely steer away from easily cracked passwords like "password," "1234," or birthdays, while two-thirds of those in the 18-to-34 age bracket were caught using those kind of terms. Quartz writes, "The diligence of the older group could help explain why 82% of respondents in this age range did not report having had any of their online accounts compromised in the past year. In contrast, 35% of respondents between 18 and 34 said at least one of their accounts was hacked within the last 12 months, twice the rate of those aged 51 to 69."
This discussion has been archived. No new comments can be posted.

Elderly Use More Secure Passwords Than Millennials, Says Report

Comments Filter:
  • by Anonymous Coward on Tuesday May 24, 2016 @06:00PM (#52175187)

    Damn.

  • Age bias much? (Score:2, Insightful)

    by Anonymous Coward

    51-69 is elderly???? Come on who wrote this.... 75 maybe, 80 even. But 50-60 is not.

    • by MrKrillls ( 3858631 ) on Tuesday May 24, 2016 @06:06PM (#52175223)
      I'm 64. 65 is elderly.
      • 65 is elderly.

        I hope not. Almost 60 here and I hope that I am not "elderly" in 5 more years.

        Based on family history, that would mean that I will have to live about 30 years as an "elderly person".

        • Re:Age bias much? (Score:5, Insightful)

          by MrKrillls ( 3858631 ) on Tuesday May 24, 2016 @08:18PM (#52175829)
          When I'm 65, 66 will be elderly. And so on...

          More seriously, I've decided elderly is a state of mind. Someone else's mind.

          • When I'm 65, 66 will be elderly. And so on...

            More seriously, I've decided elderly is a state of mind. Someone else's mind.

            I'm a senior. I don' t have trembles in the hand and fingers, but I have some life savings and some pensions. I do not work. If I am online and my ID is hacked, and then my id is stolen, the impact to my possessions is possibly depletion without my knowledge.

            Ergo, I take the time to create a password that is long, is varied, is with characters added to the US keyboard layout. Characters like € or ¥ and like # ± £
            I go on the assumption that typical hacker software will not look ou

            • Damn good thinking!!! I like that. Characters outside normal scope. I didn't know they would work.
              • by Rakarra ( 112805 )

                Damn good thinking!!! I like that. Characters outside normal scope. I didn't know they would work.

                Most services I sign up for have really stupid restrictions on what characters can be put in a password. No spaces, oftentimes even no punctuation.

                • I've noticed that too. But it doesn't make your excellent idea any less excellent. It just makes such sites look less safe compared to what they could be.
        • I'm in my mid 50s. If anyone calls me "elderly" I'll thump them with my cane!

        • 65 is elderly.

          I hope not. Almost 60 here and I hope that I am not "elderly" in 5 more years.

          Based on family history, that would mean that I will have to live about 30 years as an "elderly person".

          Welcome to the flip side of living longer. It's all pasted onto the elderly part.

        • by Rakarra ( 112805 )

          Based on family history, that would mean that I will have to live about 30 years as an "elderly person".

          Yes, exactly, which is the big problem we face now with our ability to extend life and let people live longer. It's not the healthy part of life that's being extended.

      • I'm 66, and 65 isn't elderly. It may have been elderly 50 years ago, but not now.
        • I'm 66, and 65 isn't elderly. It may have been elderly 50 years ago, but not now.

          Reminds me of those TV commercials where a woman states how she isn't going to age with a "I don't think so!"

          Good luck with never growing old.

          • Oh, I'm not claiming that I'll never grow old, or that I'm still the same as I was at 35. I am, however, active enough that most people who don't know me wouldn't consider me elderly, and as Asimov used to say, I consider myself to be in late youth. Among other things, I still have most of my hair and it's not even started to turn gray yet.
    • Exactly, that would be middle-aged. At 53 (nearly 54) I do not look or feel "elderly". Oh well..no point in getting butthurt over it though, it was just for ease of semantics I suppose.
  • by FireballX301 ( 766274 ) on Tuesday May 24, 2016 @06:02PM (#52175197) Journal
    I strongly suspect that 'millennials' have password protected accounts at far more places online than 51+ people. At that point it doesn't matter how strong your password is, but which shitty service stores your password as unsalted MD5 and lets the intern leave the remote login session active
    • by Anonymous Coward

      how many of those compromised accounts were because they gave their passwords out to friends?

      • I was looking for this one.

        The fact is, like most research these days, it's half-assed. They apparently wrote a survey and paid someone to make calls but the survey didn't adapt to the reality. Like "If the user's accounts have been jacked... why?"

        I have passwords I print out and hang up like wireless access and netflix accounts. I have passwords which I use for banking. Passwords I use for servers, etc...

        There's the other issue as well... how about who jacked their accounts?

        Ex-girl/boy friend? Ex-BFF? Etc.
        • They also didn't look at things like password reuse. I do informal tech support for family and neighbours, and for people in the (snort) "elderly" age group their one password, while it may not be "1234" or "password", is reused everywhere. No concept of sanitary password use, you've got one secret and that's good for everything from MyFaceChatsApp to online banking.
          • I've done a lot of the same once upon a time and professionally. This study has it backwards. It's the elderly that use 1234 or a birth year as a pin code. If this trend is down it's because you can't use those easy passwords for most things anymore.

            The elderly have fewer accounts, use them less, are less likely to be specifically targeted, and are less likely to know when their account has been compromised. This is a much more plausible explanation for reduced reports of compromised accounts.
    • You're looking at it backwards: The elderly have better passwords because the things they do have passwords to are vital to their survival. That is, their online banking, brokerage, pension, insurance company, medicare, social security. And unlike millennials, elderly are keenly aware of how crucial keeping control of their money is to their independence and personal security.

      • by AmiMoJo ( 196126 )

        Millennials probably have good passwords for their online banking and email too, or two factor auth even. It's just that they also have many other disposable accounts with weak passwords that they don't care at all about.

        I use the same password or a slight variation for many throw-away accounts, but the stuff that actually matters has unique strong codes and I always enable 2FA if available.

      • "The elderly have better passwords because the things they do have passwords to are vital to their survival. That is, their online banking, brokerage, pension, insurance company, medicare, social security."

        That's true but only the part where they only have crucial accounts is their fault. The rest of those things have atypically strong password requirements so the elderly have no choice but to use secure passwords. The elderly actually fall into the most likely to use category for a single digit, a family m
    • I strongly suspect that 51+ people have had password protected accounts for 30 years longer than 'millennials'. I'd bet I've forgotten about more accounts than the average millennial has ever had.
    • by ryanmc1 ( 682957 )
      You should never use the same password on multiple sites for this exact reason. It is easy to make a simple change to your password for each site, for example use the first character of the domain as the 5th character in your password, the rest stays the same. This makes each password unique and cannot be used to hack another account, but still easy to remember.
    • Did any one cheek the paper to see if they normalised for number if accounts, or even better, only asked for passwords of important primary accounts like banks? If not, another completely stupid and flawed servey passed off as research.
    • darn whippersnappers these days don't even know how the machines work anymore. Pretty soon our society will be like in Spock's Brain.

      "Brain, brain, and more brain, what is brain."

    • I strongly suspect that 'millennials' have password protected accounts at far more places online than 51+ people. At that point it doesn't matter how strong your password is, but which shitty service stores your password as unsalted MD5 and lets the intern leave the remote login session active

      My experience with millennials is that they share passwords, they tend towards short easy passwords and some even open text them. People older than 51 are not all the grandma meme, why some of us are even tech and security savvy, as well has having more assets to protect, so logic might come to the conclusion we are more careful.

  • Obvious... (Score:5, Funny)

    by K. S. Kyosuke ( 729550 ) on Tuesday May 24, 2016 @06:03PM (#52175203)

    The sixty-year old guy's password: "NowIsTheWinterOfOurDiscontent"

    The thirty-year-old guy's password: "trumpsucks" ("trumpsucksbigtime" if you're lucky).

    • Or, if you're in your mid sixties, as I am, you use a realistic easy to remember password: ICan'tRememberMyPassword!
    • by Minupla ( 62455 )

      Actually that's close to my password generation alg:

      An acronym from a song lyric,+ some telephone number + something current so:
      ng2gyung2lyd4165555555/. (and if you decoded the song lyric, I just rickrolled you as a bonus!) by the time my work place goes through a password cycle, I've committed it to muscle memory, and until then I can regenerate it from the algorythm. And it's not something a brute force or a dictionary attack is going to break, even if the attacker knew my method.

      Min

    • by donaldm ( 919619 )

      The sixty-year old guy's password: "NowIsTheWinterOfOurDiscontent"

      The thirty-year-old guy's password: "trumpsucks" ("trumpsucksbigtime" if you're lucky).

      You could use something like "mkpasswd -l 29" or if you are really paranoid "mkpasswd -l 64". Now all you have is the problem of remembering it unless you have a password database which you secure with a password of 123456. ;-)

    • by AmiMoJo ( 196126 )

      Both of those are pretty weak though. "NowIsTheWinterOfOurDiscontent" will be in any half decent cracking dictionary, with automatic case variations and with/without spaces. "trumpsucks" is obviously terrible, and adding capitalization or a few random digits won't help it much.

      • "NowIsTheWinterOfOurDiscontent" will be in any half decent cracking dictionary

        That's a very convenient "argument". You'll just label any cracking dictionary without it as "obviously not even half decent, case closed" and that's it. Very clever!

        • by AmiMoJo ( 196126 )

          I think that by any objective measure a cracking dictionary should contain common phrases, like popular Shakespeare quotes and song lyrics. Those are widely known to be popular passwords, appearing regularly in top 100 lists.

  • A few thoughts... (Score:3, Insightful)

    by wardrich86 ( 4092007 ) on Tuesday May 24, 2016 @06:08PM (#52175237)
    The older group are probably more likely to have their passwords written down on sticky notes under their keyboards, or stuck to their monitors.

    Furthermore, the percent of hacked accounts would be hard to solve, as many younger folk are likely signed up to way more sites and services using the same password across the board. This would easier intrusion into the more secured sites.
    • Re:A few thoughts... (Score:5, Informative)

      by TheCarp ( 96830 ) <sjc AT carpanet DOT net> on Tuesday May 24, 2016 @06:35PM (#52175361) Homepage

      > The older group are probably more likely to have their passwords written down on sticky notes under their keyboards, or stuck to their monitors.

      The day malware can lift your keyboard to look, the seniors are going to be in a lot of trouble.

    • The older group are probably more likely to have their passwords written down on sticky notes under their keyboards, or stuck to their monitors.

      The elderly are smart enough to have them in a smartphone ... as a note to a fake contact in the address book or elsewhere. Even I have passwords that cant be easy remembered. At the place where I'm working right now I have over 10 different passwords.
      Most people there keep their passwords in a word file on the desktop. So much for security ...

    • by NotQuiteReal ( 608241 ) on Tuesday May 24, 2016 @07:02PM (#52175515) Journal
      My password "cheat sheet" purposely has typos in them, and don't explicitly say what they go to.

      My memory is good enough to know them by heart most of the time, but for some seldom used ones, just looking at my notes is enough to remind ME. I wouldn't want to have someone take my crib notes, but the casual burglar isn't likely to be sober long enough or be patient enough to try and figure out my mess-o-letters.

      (oh, and it is in an encrypted .docx file, not printed on paper.)
      • My password cheat sheet is the word used for the core of the password. Then I interweave a numerical pattern I've used for so many years I'm unlikely to forget it. Now if I ever have to change that number pattern, I'm kind of screwed.
    • The older group are probably more likely to have their passwords written down on sticky notes under their keyboards, or stuck to their monitors.

      The older group come from a time when we actually had to remember people's phone numbers, without having them all programmed into our cell phone.

      Many of them have also been typing on real keyboards for decades, so it's no big deal to have a 16 character password.

      Need a fairly secure password? Use the address of your best friend from 1970. Or the phone number of yo

      • Yes! When I was big into BBSes, I had close to 60 telephones numbers and logins memorized, not counting all the people I knew. I found that it's really a learned skill, and the more I memorized the easier it became. I don't have a cell phone, but still don't write people's numbers down. And no, my computer could not auto dial.
        • by Gr8Apes ( 679165 )
          I am at the point now where I have so many passwords and so many phone numbers, that I don't even bother remembering anything I don't use monthly. For the rest, a password manager keeps them secure and safe, and it's not on my phone. The biggest problem with millennials is that they want access to everything on their phone. Unlike them, I prefer a real screen with actually usable real estate and functionality. I can complete a transaction on my laptop in about 5s that takes a millennial 5 minutes on their d
    • by hey! ( 33014 )

      Writing down a hard-to-remember password is sometimes a better strategy than memorizing a low-entropy password. It depends on the nature of the threat.

      You have to do a threat assessment. Who are you worried about? For example at work, writing down your server passwords and sticking them in your desk drawer is a bad idea, because one of the purposes of that password is to distinguish between you and coworkers, some of whom might have nefarious reasons to impersonate you. But let's say it's the password to

  • by Fringe ( 6096 ) on Tuesday May 24, 2016 @06:10PM (#52175251)

    There is so much wrong with that as to be comical.

    When do you ever hear about insecure passwords being compromised? That doesn't happen. They get leaked. Constantly. But not guessed, not when they can be leaked or stolen.

    So how does a super-ultra-secure password help?

    And then we have this odd bit of math, that 18% of the >51 age range had compromised accounts, while less than double that, 35%, of the youngest range had. Probably, but unclear because the report requires providing PII, while having four times more accounts. I'd certainly bet that the 18-to-34 age bracket has more than double the account count of the compu-geysers. (I say as someone just squeaking below that bar.)

    Which would imply that, mathematically, insecure passwords are more secure. Go figure.

    • Or the elderly are less likely to realize that their account has been hacked?
      • by Anonymous Coward

        The people who were in the prime of their engineering careers during the rise of the age of computers and the internet are those who are just now passing the age of 65. Assuming no degenerative disorders, these people very much understand account security. But, I suppose they are a very small fraction of that age bracket.

    • by eskayp ( 597995 )

      We is compu-GEEZERS, not compu-geysers.
      Unless, of course, you are snarkily referring to our propensity to froth at the mouth while eating milk toast while sitting in our wheelchairs.

    • A competently operated website will store hashes of the passwords instead of the passwords themselves.
      If the hashes get leaked then typically two thirds of the passwords will be revealed in the first few minutes of cracking because people mostly use weak passwords, sites use hashing algorithms that arn't slow enough and GPU's can try billions of passwords per second for common algorithms.

      However a good password, such as 14+ random letters and numbers or 5+ random words that don't appear together anywhere in

      • by Gr8Apes ( 679165 )
        We store programmatically salted hashes of passwords. Reversing those can't even be done with rainbow tables, not without generating a table per salt, which is going to be a long drawn out process. We're looking at even putting those hashes in a shadow table referenced by a different salted hash value which generated on the fly. So merely grabbing the DB won't do you a lick of good, especially as even the account user login is also hashed. 2 main pieces of data for logins, no (simple) way to grab them. Runn
        • by tlhIngan ( 30335 )

          We store programmatically salted hashes of passwords. Reversing those can't even be done with rainbow tables, not without generating a table per salt, which is going to be a long drawn out process.

          Salts prevent use of rainbow tables, which helps a little bit. Modern password crackers are dictionary based, with various "twiddles" applied to each word (capitalization, add a number, replace certain characters with numbers, etc). So if the dictionary says "password", the cracker will try "password", "Password",

  • by kamapuaa ( 555446 ) on Tuesday May 24, 2016 @06:12PM (#52175259) Homepage

    Millenials are the worst!

    Also, women, foreigners, minorities, point-haired bosses, liberal arts majors, and really anybody who isn't an old white man with an interest in science/math! They're all the worst!

    • Millenials are the worst!

      Also, women, foreigners, minorities, point-haired bosses, liberal arts majors, and really anybody who isn't an old white man with an interest in science/math! They're all the worst!

      No, just millenials.

  • I'm nearly 60, s'pose that makes me nearly elderly.
    I pick my passwords using
    pwgen -y
    and select from a screen full of 'memorable' passwords

    • by donaldm ( 919619 )

      I'm nearly 60, s'pose that makes me nearly elderly. I pick my passwords using pwgen -y and select from a screen full of 'memorable' passwords

      Tried this and got:
      atom ~] 13:35:13 > pwgen
      bash: pwgen: command not found

      Ok. I installed it and by default you get a list of passwords without any special characters and if you want you can customize the list. It is even possible to generate single passwords.

      Personally, I prefer the command mkpasswd which will give you a new password each time you run it (IMHO preferable to a default list, but to each their own). You do need to install expect though. You can even use options if you want different len

  • In other words... (Score:4, Insightful)

    by skam240 ( 789197 ) on Tuesday May 24, 2016 @06:16PM (#52175279)

    ...old people are on average more responsible than young people! Groundbreaking research!

  • Anything that is financially sensitive or has access to lots of personal correspondence will require a very secure password. My email password is 26 characters. My social media one is 16. My bank password is less "secure" because they don't accept quite a few characters that Google/MS/FB accept, but it's still not something anyone is gonna spend any time cracking.

    Then we get to sites like my newspaper subscription or my intramural sports login. Those are just simple dictionary words I've used since I was
    • but it's still not something anyone is gonna spend any time cracking
      The misconception is that people think you can 'crack a password'.
      You can't.
      If you try to log on on any system and fail several times it shuts you out.
      So, cracking a password is only possible if the password is stored on a system, likely hashed or encrypted, and leaks. If your system is leaking password files, then you have much bigger issues than weak passwords.
      See the linkedin disaster.

      • but it's still not something anyone is gonna spend any time cracking The misconception is that people think you can 'crack a password'. You can't. If you try to log on on any system and fail several times it shuts you out. So, cracking a password is only possible if the password is stored on a system, likely hashed or encrypted, and leaks. If your system is leaking password files, then you have much bigger issues than weak passwords. See the linkedin disaster.

        Erm that's pretty much the only way I know of doing it. A few years ago before they limited login attempts (I assume), someone did break into my twitter account to spam in Russian (for boner pills apparently after I translated it). If they didn't they definitely took it offline to brute force. I know that happened to linkedin (twice) in the times I've been on it. Can't say I've bothered to change that one either.

  • As we reuse the one password that is not easy to guess, but we can remember and use since 45 years (and we know it never got "cracked").

    • Alas, sometimes you can't re-use (or even use logical variations) due to the retarded disparity in password policies (required characters for some sites are forbidden on others...).

      The worst are the sites that make you have such a complicated password there is no way you can remember it.
      • That is actually the case where I work right now.
        And they force one to change depending on system every 4 - 6 weeks.
        Then again, half the systems use a single sign on solution via LDAP ... so you safe the subversion password (which you should not as it is unsafe but plenty do). Now you are forced to change the password for your windows log in. An hour later you are playing with Eclipse and wonder why subversion gives error messages. Then you lock your screen and go to a colleague. When you come back you can

  • No mystery... (Score:5, Insightful)

    by Deadstick ( 535032 ) on Tuesday May 24, 2016 @07:01PM (#52175509)

    ...we know more words.

  • by PopeRatzo ( 965947 ) on Tuesday May 24, 2016 @07:04PM (#52175517) Journal

    I'm elderly and my password is so strong that I forget it in 2009 and haven't been able to log in to anything since.

    • by Anonymous Coward

      I'm elderly and my password is so strong that I forget it in 2009 and haven't been able to log in to anything since.

      That would hold more punch had you posted it as Anonymous Coward.

  • Elderly? (Score:4, Insightful)

    by markdavis ( 642305 ) on Tuesday May 24, 2016 @07:27PM (#52175645)

    >"Elderly Use More Secure Passwords Than Millennials[...]The majority of respondents ages 51 to 69 say they completely steer away from easily cracked passwords"

    Under what/whose definition is a 51-year-old "elderly"??? Was this title written by a 20-year-old or something? Even 60 is hardly "elderly". And why are there only two groups- 18-34 and 51-69? They are not equal spans? What happened to 35-50?

    Yeesh

    • What happened to 35-50?

      We (mostly) use password managers ;-) I only know one password and it's to decrypt my local password datastore. When that gets corrupted I'll be resetting passwords for weeks. All of my passwords resemble 2r9aIx'DbFbKRU;v4u!LgRn so there's no way I'm remembering or typing any of them in.

      • What happened to 35-50?

        We (mostly) use password managers ;-) I only know one password and it's to decrypt my local password datastore. When that gets corrupted I'll be resetting passwords for weeks. All of my passwords resemble 2r9aIx'DbFbKRU;v4u!LgRn so there's no way I'm remembering or typing any of them in.

        Those of us older than 69 also use password managers.

    • Gen X. AKA the missing or sandwich generation. Also an early Billy Idol [youtube.com] band.
    • What happened?

      Gen X had a brief flicker of spotlight in the 90s, then became quickly forgotten.

      We were overshadowed by the Boomers from the 60s - 80s, and then when they had kids(The Millenials, who are now the largest generation), they became the generation du jour, as so aptly penned here. [liberatormagazine.com]
  • Chrono-Americans use better passwords because unlike the young, they write everything down. A user who never takes her laptop to Starbucks or to work is okay with setting up difficult passwords and then referring to a list in the silverware drawer when her grandchildren need to connect to the WiFi.

  • "The diligence of the older group could help explain why 82% of respondents in this age range did not report having had any of their online accounts compromised in the past year"

    Did not report or have still not noticed ??
    I joke...

  • Older folks have a bigger stash and also don't have time to start over, saving money. It is logical that they are more eager to protect what they have than a generation that not only has much less but also has time to recover from a loss. Older folks need more protection.
  • So, as a 57 yr old, I've noticed that people tend to get more jaded as they age. We've been through some shit, and don't want it to happen again. We're not as trusting of everyone as we were in our twenties and thirties. We've been scammed, or someone close to us has, so we've learned by experience. Learning from other people's mistakes isn't easy for most humans.

    Now, get the hell off of my lawn.

  • This article is stupid. Who says compromised accounts are gained by password guessing? There are many other ways:

    • Phished
    • Same password used at another service which was phished
    • Keylogger malware
    • Technology exploit (e.g. website)
    • Security questions too easy to crack

    Brute force is uncommon these days, because there is technology to limit password guessing.

  • This white paper requires registration to obtain. The whole thing is a poorly veiled attempt to sell the identity management solution. This isn't news. This is infomercial.
  • I've seen a lot of very weak passwords from my elderly users, and those that look strong are often guessable with a little research. If you know the names and birth years of their grandchildren, you probably have all you need.
  • Everyone knows long passwords are more secure than short ones.

  • for much of her stuff. She's super-paranoid about hacking. I've been trying to convince her that she doesn't need such strong passwords for inconsequential websites, for example. Sometimes she has to read something like 7r8guP-a+uN-sUfe over the phone to me when she needs me to login somewhere to take care of something. Hilarity ensues...

The most difficult thing in the world is to know how to do a thing and to watch someone else doing it wrong, without commenting. -- T.H. White

Working...