
The kids ain't alright? Youngsters take little care when making digital passwords, new study finds

As concerns about digital privacy continue to rise, the largest ever study of Internet security has revealed that baby boomers pick the strongest passwords, while more tech-savvy youngsters have a tendency to be a bit 'lax' with regard to protecting their private electronic details.

So say the findings of Joseph Bonneau, a researcher at Cambridge University, whose massive survey took into account the password details of some 70 million Yahoo users and ultimately found that over-55s create secret letter-number sequences twice as strong as their under-25 counterparts.

Weak passwords were noticeable across every demographic group reviewed, though a pattern emerged indicating that older groups tended to take more care to compose strong online passwords.

"There is a general trend towards better password selection with users' age, particularly against online attacks," the IT researcher wrote.

His intensive evaluation revealed a number of further intriguing findings: users who cited German and Korean as their preferred language tended to pick the best passwords, while Indonesian speakers typically picked the weakest. Gender-based differences were minimal.

Perhaps most tellingly, Bonneau's research found that computer users generally fail to vary their password strength according to the sensitivity of the account, meaning there is little difference between how we register for an online payment service and how we may approach joining a fantasy football site.

"Passwords have been argued to be 'secure enough' for the web with users rationally choosing weak passwords of accounts of little importance," he said.

"These results may undermine this explanation as user choice does not vary greatly with changing security concerns," he added.

Password strength is measured in bits. A one-bit password has a 50 per cent likelihood of being identified on the first guess, with each additional bit doubling the number of guesses an attacker needs. A randomly composed six-character security code mixing upper- and lower-case letters with numbers would take more than four billion attempts to guess.

The Cambridge research discovered that an average password has less than 10 bits of security, meaning it would take fewer than 1,000 attempts to break, a process that would take only a few seconds for sophisticated hacking software.
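To make the bit figures above concrete, the following added example (not part of the original article or the study's code) compares a uniformly random password with a skewed, user-chosen distribution. The sample password counts are constructed, and the budget-limited metric `log2(budget / success_rate)` is an assumption about how to express strength against an online attacker, not a method described in the article.

```python
import math
from collections import Counter


def uniform_bits(alphabet_size, length):
    """Bits of strength when every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def success_rate(counts, budget):
    """Share of accounts cracked by trying the `budget` most popular
    passwords against every account (an online, rate-limited attacker)."""
    total = sum(counts.values())
    return sum(c for _, c in counts.most_common(budget)) / total


def effective_bits(counts, budget):
    """Size, in bits, of a uniform distribution that would give the attacker
    the same success rate for the same number of guesses (assumed metric)."""
    return math.log2(budget / success_rate(counts, budget))


# Constructed sample: 1,000 accounts, a few very popular passwords,
# and 920 passwords that are each used exactly once.
SAMPLE = Counter({"123456": 40, "password": 20, "qwerty": 10, "iloveyou": 10})
SAMPLE.update({f"unique-{i}": 1 for i in range(920)})


if __name__ == "__main__":
    # Random six characters from upper case, lower case and digits (62 symbols).
    print(f"random 6-char code: {uniform_bits(62, 6):.1f} bits")
    # Naive view: 924 distinct passwords, treated as if equally likely.
    print(f"naive log2(distinct): {math.log2(len(SAMPLE)):.1f} bits")
    # What the attacker actually faces when the distribution is skewed.
    for budget in (1, 4, 10):
        print(f"budget {budget:>2}: "
              f"{success_rate(SAMPLE, budget):.1%} of accounts, "
              f"{effective_bits(SAMPLE, budget):.2f} effective bits")
```

The skew is what matters: the sample holds 924 distinct passwords, yet a single guess per account already succeeds 4 per cent of the time, which is under 5 effective bits.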

Security is one of ITProPortal's many areas of expertise and those interested in the best ways to resist attacks by electronic lowlifes should see this article dedicated to password selection.