Elderly Use More Secure Passwords Than Millennials, Says Report (qz.com) 153
An anonymous reader writes from a report via Quartz: A report released May 24 by Gigya surveyed 4,000 adults in the U.S. and U.K. and found that 18- to 34-year-olds are more likely to use bad passwords and report their online accounts being compromised. The majority of respondents ages 51 to 69 say they completely steer away from easily cracked passwords like "password," "1234," or birthdays, while two-thirds of those in the 18-to-34 age bracket were caught using those kind of terms. Quartz writes, "The diligence of the older group could help explain why 82% of respondents in this age range did not report having had any of their online accounts compromised in the past year. In contrast, 35% of respondents between 18 and 34 said at least one of their accounts was hacked within the last 12 months, twice the rate of those aged 51 to 69."
51 is "elderly"? (Score:5, Funny)
Damn.
Re: (Score:2)
Age bias much? (Score:2, Insightful)
51-69 is elderly???? Come on who wrote this.... 75 maybe, 80 even. But 50-60 is not.
Re:Age bias much? (Score:5, Funny)
Re: (Score:2)
I hope not. Almost 60 here and I hope that I am not "elderly" in 5 more years.
Based on family history, that would mean that I will have to live about 30 years as an "elderly person".
Re:Age bias much? (Score:5, Insightful)
More seriously, I've decided elderly is a state of mind. Someone else's mind.
Re: (Score:2)
When I'm 65, 66 will be elderly. And so on...
More seriously, I've decided elderly is a state of mind. Someone else's mind.
I'm a senior. I don' t have trembles in the hand and fingers, but I have some life savings and some pensions. I do not work. If I am online and my ID is hacked, and then my id is stolen, the impact to my possessions is possibly depletion without my knowledge.
Ergo, I take the time to create a password that is long, is varied, is with characters added to the US keyboard layout. Characters like € or ¥ and like # ± £
I go on the assumption that typical hacker software will not look ou
Re: (Score:2)
Re: (Score:2)
Damn good thinking!!! I like that. Characters outside normal scope. I didn't know they would work.
Most services I sign up for have really stupid restrictions on what characters can be put in a password. No spaces, oftentimes even no punctuation.
Re: (Score:2)
Re: (Score:2)
I'm in my mid 50s. If anyone calls me "elderly" I'll thump them with my cane!
Re: (Score:2)
I hope not. Almost 60 here and I hope that I am not "elderly" in 5 more years.
Based on family history, that would mean that I will have to live about 30 years as an "elderly person".
Welcome to the flip side of living longer. It's all pasted onto the elderly part.
Re: (Score:2)
Based on family history, that would mean that I will have to live about 30 years as an "elderly person".
Yes, exactly, which is the big problem we face now with our ability to extend life and let people live longer. It's not the healthy part of life that's being extended.
Re: (Score:2)
Re: (Score:2)
I'm 66, and 65 isn't elderly. It may have been elderly 50 years ago, but not now.
Reminds me of those TV commercials where a woman states how she isn't going to age with a "I don't think so!"
Good luck with never growing old.
Re: (Score:1)
Re: (Score:2)
I should have just smoked weed all my life.
I did, and as far as I can tell my grain still works breat.
Re: (Score:2)
Number of accounts matters as well (Score:5, Interesting)
Re: (Score:1)
how many of those compromised accounts were because they gave their passwords out to friends?
Re: (Score:2)
The fact is, like most research these days, it's half-assed. They apparently wrote a survey and paid someone to make calls but the survey didn't adapt to the reality. Like "If the user's accounts have been jacked... why?"
I have passwords I print out and hang up like wireless access and netflix accounts. I have passwords which I use for banking. Passwords I use for servers, etc...
There's the other issue as well... how about who jacked their accounts?
Ex-girl/boy friend? Ex-BFF? Etc.
Re: (Score:2)
Re: (Score:2)
The elderly have fewer accounts, use them less, are less likely to be specifically targeted, and are less likely to know when their account has been compromised. This is a much more plausible explanation for reduced reports of compromised accounts.
Re: (Score:2)
For example, I use my least secure password for slashdot. If you pwn my slashdot account, you need to move out of your mother's basement.
Captcha: Diffused.
You save the captcha? How does that work the next time you post, AC?
Re:Number of accounts matters as well (Score:5, Insightful)
You're looking at it backwards: The elderly have better passwords because the things they do have passwords to are vital to their survival. That is, their online banking, brokerage, pension, insurance company, medicare, social security. And unlike millennials, elderly are keenly aware of how crucial keeping control of their money is to their independence and personal security.
Re: (Score:2)
Millennials probably have good passwords for their online banking and email too, or two factor auth even. It's just that they also have many other disposable accounts with weak passwords that they don't care at all about.
I use the same password or a slight variation for many throw-away accounts, but the stuff that actually matters has unique strong codes and I always enable 2FA if available.
Re: (Score:2)
HAHAHA disregard that, I suck cocks
Re: (Score:1)
For those of you who don't get it, here's the obligatory xkcd [xkcd.com].
Re: (Score:2)
That's true but only the part where they only have crucial accounts is their fault. The rest of those things have atypically strong password requirements so the elderly have no choice but to use secure passwords. The elderly actually fall into the most likely to use category for a single digit, a family m
Re: (Score:3)
Re: (Score:2)
Re: (Score:1)
Re: Number of accounts matters as well (Score:2)
Re: (Score:2)
So....starting with A, B, C, D, or E?
Re: Number of accounts matters as well (Score:2)
Re: (Score:2)
LOL, n00b.
Re: (Score:2)
darn whippersnappers these days don't even know how the machines work anymore. Pretty soon our society will be like in Spock's Brain.
Re: (Score:2)
I strongly suspect that 'millennials' have password protected accounts at far more places online than 51+ people. At that point it doesn't matter how strong your password is, but which shitty service stores your password as unsalted MD5 and lets the intern leave the remote login session active
My experience with millennials is that they share passwords, they tend towards short easy passwords and some even open text them. People older than 51 are not all the grandma meme, why some of us are even tech and security savvy, as well has having more assets to protect, so logic might come to the conclusion we are more careful.
Re: (Score:2)
I use Pwsafe on Android myself. I can just copy the database from my desktop to the phone, and I am ready to go. No conversion required - databases are binary compatible.
And BTW - I use a Yubikey plus a password to open the safe. On the PC, I insert the Yubikey in a USB slot when I want to open the safe. On the phone I make use of the fact that the Yubikey has NFC, and support for that has been integrated into pwsafe - there I just hold the yubikey up against the back of the phone to finish the unlock p
Obvious... (Score:5, Funny)
The sixty-year old guy's password: "NowIsTheWinterOfOurDiscontent"
The thirty-year-old guy's password: "trumpsucks" ("trumpsucksbigtime" if you're lucky).
Re: (Score:2)
Re: (Score:2)
Actually that's close to my password generation alg:
An acronym from a song lyric,+ some telephone number + something current so:
ng2gyung2lyd4165555555/. (and if you decoded the song lyric, I just rickrolled you as a bonus!) by the time my work place goes through a password cycle, I've committed it to muscle memory, and until then I can regenerate it from the algorythm. And it's not something a brute force or a dictionary attack is going to break, even if the attacker knew my method.
Min
Re: (Score:1)
The sixty-year old guy's password: "NowIsTheWinterOfOurDiscontent"
The thirty-year-old guy's password: "trumpsucks" ("trumpsucksbigtime" if you're lucky).
You could use something like "mkpasswd -l 29" or if you are really paranoid "mkpasswd -l 64". Now all you have is the problem of remembering it unless you have a password database which you secure with a password of 123456. ;-)
Re: (Score:2)
Both of those are pretty weak though. "NowIsTheWinterOfOurDiscontent" will be in any half decent cracking dictionary, with automatic case variations and with/without spaces. "trumpsucks" is obviously terrible, and adding capitalization or a few random digits won't help it much.
Re: (Score:2)
"NowIsTheWinterOfOurDiscontent" will be in any half decent cracking dictionary
That's a very convenient "argument". You'll just label any cracking dictionary without it as "obviously not even half decent, case closed" and that's it. Very clever!
Re: (Score:2)
I think that by any objective measure a cracking dictionary should contain common phrases, like popular Shakespeare quotes and song lyrics. Those are widely known to be popular passwords, appearing regularly in top 100 lists.
Re: (Score:2)
The thirty-year-old guy's password: "theyallsuck", "politicianssuck" ("theyallsuckandthewinnersoftheprimariesshouldbeforced intothunderdomestylecagematchesbecauseatleastthatwouldbeentertaining" if you're lucky) .
FTFY
A few thoughts... (Score:3, Insightful)
Furthermore, the percent of hacked accounts would be hard to solve, as many younger folk are likely signed up to way more sites and services using the same password across the board. This would easier intrusion into the more secured sites.
Re:A few thoughts... (Score:5, Informative)
> The older group are probably more likely to have their passwords written down on sticky notes under their keyboards, or stuck to their monitors.
The day malware can lift your keyboard to look, the seniors are going to be in a lot of trouble.
Re: (Score:2)
The older group are probably more likely to have their passwords written down on sticky notes under their keyboards, or stuck to their monitors.
... as a note to a fake contact in the address book or elsewhere. Even I have passwords that cant be easy remembered. At the place where I'm working right now I have over 10 different passwords. ...
The elderly are smart enough to have them in a smartphone
Most people there keep their passwords in a word file on the desktop. So much for security
When I write my passwords down... (Score:5, Interesting)
My memory is good enough to know them by heart most of the time, but for some seldom used ones, just looking at my notes is enough to remind ME. I wouldn't want to have someone take my crib notes, but the casual burglar isn't likely to be sober long enough or be patient enough to try and figure out my mess-o-letters.
(oh, and it is in an encrypted
Re: (Score:2)
Re: (Score:3)
The older group come from a time when we actually had to remember people's phone numbers, without having them all programmed into our cell phone.
Many of them have also been typing on real keyboards for decades, so it's no big deal to have a 16 character password.
Need a fairly secure password? Use the address of your best friend from 1970. Or the phone number of yo
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Writing down a hard-to-remember password is sometimes a better strategy than memorizing a low-entropy password. It depends on the nature of the threat.
You have to do a threat assessment. Who are you worried about? For example at work, writing down your server passwords and sticking them in your desk drawer is a bad idea, because one of the purposes of that password is to distinguish between you and coworkers, some of whom might have nefarious reasons to impersonate you. But let's say it's the password to
Cluelessly Bad Analysis (Score:5, Insightful)
There is so much wrong with that as to be comical.
When do you ever hear about insecure passwords being compromised? That doesn't happen. They get leaked. Constantly. But not guessed, not when they can be leaked or stolen.
So how does a super-ultra-secure password help?
And then we have this odd bit of math, that 18% of the >51 age range had compromised accounts, while less than double that, 35%, of the youngest range had. Probably, but unclear because the report requires providing PII, while having four times more accounts. I'd certainly bet that the 18-to-34 age bracket has more than double the account count of the compu-geysers. (I say as someone just squeaking below that bar.)
Which would imply that, mathematically, insecure passwords are more secure. Go figure.
Re: (Score:2)
Re: (Score:1)
The people who were in the prime of their engineering careers during the rise of the age of computers and the internet are those who are just now passing the age of 65. Assuming no degenerative disorders, these people very much understand account security. But, I suppose they are a very small fraction of that age bracket.
Re: (Score:1)
We is compu-GEEZERS, not compu-geysers.
Unless, of course, you are snarkily referring to our propensity to froth at the mouth while eating milk toast while sitting in our wheelchairs.
Re: (Score:3)
A competently operated website will store hashes of the passwords instead of the passwords themselves.
If the hashes get leaked then typically two thirds of the passwords will be revealed in the first few minutes of cracking because people mostly use weak passwords, sites use hashing algorithms that arn't slow enough and GPU's can try billions of passwords per second for common algorithms.
However a good password, such as 14+ random letters and numbers or 5+ random words that don't appear together anywhere in
Re: (Score:1)
Re: (Score:2)
Salts prevent use of rainbow tables, which helps a little bit. Modern password crackers are dictionary based, with various "twiddles" applied to each word (capitalization, add a number, replace certain characters with numbers, etc). So if the dictionary says "password", the cracker will try "password", "Password",
Millenials are the worst! (Score:3)
Millenials are the worst!
Also, women, foreigners, minorities, point-haired bosses, liberal arts majors, and really anybody who isn't an old white man with an interest in science/math! They're all the worst!
Re: (Score:1)
No, just millenials.
Re: (Score:3)
As overblown as the term has gotten, we actually haven't all been Millennials. Life was objectively different for those of us who grew up before that period.
Yes, they do share some of the characteristics that all young people have had, of course, but they have a somewhat different background and priorities.
As far as trash talking the young, that is both the right and duty of being an elder. Now, get off my lawn.
Re: (Score:2)
Re: (Score:2)
pwgen -y (Score:2)
I'm nearly 60, s'pose that makes me nearly elderly.
I pick my passwords using
pwgen -y
and select from a screen full of 'memorable' passwords
Re: (Score:1)
I'm nearly 60, s'pose that makes me nearly elderly. I pick my passwords using pwgen -y and select from a screen full of 'memorable' passwords
Tried this and got:
atom ~] 13:35:13 > pwgen
bash: pwgen: command not found
Ok. I installed it and by default you get a list of passwords without any special characters and if you want you can customize the list. It is even possible to generate single passwords.
Personally, I prefer the command mkpasswd which will give you a new password each time you run it (IMHO preferable to a default list, but to each their own). You do need to install expect though. You can even use options if you want different len
In other words... (Score:4, Insightful)
...old people are on average more responsible than young people! Groundbreaking research!
There's a time and place for secure passwords (Score:2)
Then we get to sites like my newspaper subscription or my intramural sports login. Those are just simple dictionary words I've used since I was
Re:There's a time and place for secure passwords (Score:4, Interesting)
but it's still not something anyone is gonna spend any time cracking
The misconception is that people think you can 'crack a password'.
You can't.
If you try to log on on any system and fail several times it shuts you out.
So, cracking a password is only possible if the password is stored on a system, likely hashed or encrypted, and leaks. If your system is leaking password files, then you have much bigger issues than weak passwords.
See the linkedin disaster.
Re: (Score:2)
but it's still not something anyone is gonna spend any time cracking The misconception is that people think you can 'crack a password'. You can't. If you try to log on on any system and fail several times it shuts you out. So, cracking a password is only possible if the password is stored on a system, likely hashed or encrypted, and leaks. If your system is leaking password files, then you have much bigger issues than weak passwords. See the linkedin disaster.
Erm that's pretty much the only way I know of doing it. A few years ago before they limited login attempts (I assume), someone did break into my twitter account to spam in Russian (for boner pills apparently after I translated it). If they didn't they definitely took it offline to brute force. I know that happened to linkedin (twice) in the times I've been on it. Can't say I've bothered to change that one either.
Obviously ... (Score:2)
As we reuse the one password that is not easy to guess, but we can remember and use since 45 years (and we know it never got "cracked").
Re: (Score:3)
The worst are the sites that make you have such a complicated password there is no way you can remember it.
Re: (Score:2)
That is actually the case where I work right now. ... so you safe the subversion password (which you should not as it is unsafe but plenty do). Now you are forced to change the password for your windows log in. An hour later you are playing with Eclipse and wonder why subversion gives error messages. Then you lock your screen and go to a colleague. When you come back you can
And they force one to change depending on system every 4 - 6 weeks.
Then again, half the systems use a single sign on solution via LDAP
No mystery... (Score:5, Insightful)
...we know more words.
Re: (Score:2)
Well said!
Impenetrable (Score:5, Funny)
I'm elderly and my password is so strong that I forget it in 2009 and haven't been able to log in to anything since.
Re: (Score:1)
I'm elderly and my password is so strong that I forget it in 2009 and haven't been able to log in to anything since.
That would hold more punch had you posted it as Anonymous Coward.
Elderly? (Score:4, Insightful)
>"Elderly Use More Secure Passwords Than Millennials[...]The majority of respondents ages 51 to 69 say they completely steer away from easily cracked passwords"
Under what/whose definition is a 51-year-old "elderly"??? Was this title written by a 20-year-old or something? Even 60 is hardly "elderly". And why are there only two groups- 18-34 and 51-69? They are not equal spans? What happened to 35-50?
Yeesh
Re: (Score:2)
What happened to 35-50?
We (mostly) use password managers ;-) I only know one password and it's to decrypt my local password datastore. When that gets corrupted I'll be resetting passwords for weeks. All of my passwords resemble 2r9aIx'DbFbKRU;v4u!LgRn so there's no way I'm remembering or typing any of them in.
Re: (Score:2)
What happened to 35-50?
We (mostly) use password managers ;-) I only know one password and it's to decrypt my local password datastore. When that gets corrupted I'll be resetting passwords for weeks. All of my passwords resemble 2r9aIx'DbFbKRU;v4u!LgRn so there's no way I'm remembering or typing any of them in.
Those of us older than 69 also use password managers.
Re: (Score:2)
Re: (Score:2)
Gen X had a brief flicker of spotlight in the 90s, then became quickly forgotten.
We were overshadowed by the Boomers from the 60s - 80s, and then when they had kids(The Millenials, who are now the largest generation), they became the generation du jour, as so aptly penned here. [liberatormagazine.com]
I do IT services in a retirement community (Score:3)
Chrono-Americans use better passwords because unlike the young, they write everything down. A user who never takes her laptop to Starbucks or to work is okay with setting up difficult passwords and then referring to a list in the silverware drawer when her grandchildren need to connect to the WiFi.
did not report ? (Score:2)
"The diligence of the older group could help explain why 82% of respondents in this age range did not report having had any of their online accounts compromised in the past year"
Did not report or have still not noticed ??
I joke...
Jelly Beans In The Jar (Score:2)
Grumpy Old People are Wise. (Score:2)
So, as a 57 yr old, I've noticed that people tend to get more jaded as they age. We've been through some shit, and don't want it to happen again. We're not as trusting of everyone as we were in our twenties and thirties. We've been scammed, or someone close to us has, so we've learned by experience. Learning from other people's mistakes isn't easy for most humans.
Now, get the hell off of my lawn.
Compromised not equal to brute force login (Score:2)
This article is stupid. Who says compromised accounts are gained by password guessing? There are many other ways:
Brute force is uncommon these days, because there is technology to limit password guessing.
Registration required to get white paper (Score:2)
In my experience, not so much. (Score:2)
The 'elderly' watched 'Wargames' (Score:1)
I use my age in my passwords (Score:2)
Everyone knows long passwords are more secure than short ones.
Yes. My mom (63) uses random-generated passwords (Score:2)
for much of her stuff. She's super-paranoid about hacking. I've been trying to convince her that she doesn't need such strong passwords for inconsequential websites, for example. Sometimes she has to read something like 7r8guP-a+uN-sUfe over the phone to me when she needs me to login somewhere to take care of something. Hilarity ensues...
Re: (Score:1)
Because they have them written on a piece of tape across the top of the monitor.
And ? Who's going to know unless you force your way into their home ?
Using a complicated to crack password and writing on a piece of paper sticked to the monitor is 100 times more useful than using a password you can crack in 2 minutes even if you keep it only in your head.
Of course if you do such a thing at work in an open space environment well that's stupid.
Re: (Score:1)
Using a complicated to crack password and writing on a piece of paper sticked to the monitor is 100 times more useful than using a password you can crack in 2 minutes even if you keep it only in your head.
Of course if you do such a thing at work in an open space environment well that's stupid.
That's why I use ROT13, twice.
Re: (Score:2)
If something goes wrong, mommy and daddy will fix it.
That explains why it was on the news yesterday that 1/3 of millennials are living with their enablers (parents). How the hell are they supposed to learn anything when we're still doing their laundry, making their dinner, and paying their bills?
Re: (Score:1)
You guys make me feel like I am not alone. I have three "millennial" generation children who did NOT get coddled for the first 18 (or 21) years of their lives and I still can't get rid of one of them. Two of them turned out okay but one of them bought into the whole package of unreasonable expectations, entitlement, and absence of accountability.. which I might add if you purchase all three you get a free box of Bernie Sanders bumper stickers, which that kid wallpapered his room with right before we kicked