[9 June 2012]
A researcher managed to get access to the hashed passwords of 70 million Yahoo users, and finds, among other things —
o) that passwords provide only about 10/20 bits of security against online/offline attacks
o) and that users over the age of 55 picked passwords twice as secure as teenagers.
The only explanation for the latter I can come up with is that older people have seen enough. The teenagers, presumably, are still too sheltered. This is probably a cultural thing, stemming from the concept that kids shouldn’t learn there’s evil in the world until a certain age.*
(Editorial aside: I HATE this way of thinking. Minimizing traumatic experiences, yes, good idea! But holding back knowledge? No way.
I believe in the ‘red pill’** approach to life. The truth may be horrifying and fucked up beyond all belief, but it’s better to know it nonetheless. Knowledge is the only way to freedom, and that’s the truly important thing. Not money, and certainly not power, but real, personal, freedom.)
** for the nerd-culturally deprived: https://en.wikipedia.org/wiki/Red_pill_and_blue_pill
Right, back on track, if only for a minute.
An interesting note in the article that German and Korean speakers picked the strongest passwords, while Indonesian speakers the weakest.
Maybe something about Germany’s history as a divided battleground of the Cold War and Korea’s current division and North-South tensions have led to greater popular security consciousness, it’s hard to say. If that were true I would also expect to see Israel high on the list, but the paper doesn’t mention it.
* (In Europe, age-restricted evil primarily refers to violence. In the US, it refers to sex, while violence seems to be considered good for all ages.
An amusing anecdote, way offtopic, that illustrates this beautifully: on a film shoot once, the cast and crew clustered around a laptop to watch a blood- and sex-soaked indie film trailer. Among the cast was a mother and her (real) son, of about 8. Whenever nudity came on she would cover her son’s eyes firmly. When people were getting their limbs cut off, she couldn’t care less. I pointed out this discrepancy and, after a moment of thought, she quit covering her son’s eyes entirely.)
“People over the age of 55 pick passwords double the strength of those chosen by people under 25 years old. That’s according to the largest ever study of password security, which also found that most of us choose passwords that are less secure than security experts recommend.
Joseph Bonneau, a computer scientist at the University of Cambridge, analysed the passwords of nearly 70 million Yahoo! users. The data had been protected using a security technique called hashing, which ensured he did not have access to the individual accounts. He calculated the password strengths for different demographic groups and compared the results.
A comparison of different nationalities found that German and Korean speakers choose the strongest passwords, whereas Indonesians pick the weakest.
People with a credit card stored on their account do little to increase their security other than avoiding very weak passwords such as “123456”. Unsurprisingly, people who change their password from time to time tend to select the strongest ones.”