Slashdot Mirror

← Back to Stories (view on slashdot.org)

Elderly Use More Secure Passwords Than Millennials, Says Report (qz.com)

Posted by BeauHD on from the respect-your-elders dept.

An anonymous reader writes from a report via Quartz: A report released May 24 by Gigya surveyed 4,000 adults in the U.S. and U.K. and found that 18- to 34-year-olds are more likely to use bad passwords and report their online accounts being compromised. The majority of respondents ages 51 to 69 say they completely steer away from easily cracked passwords like "password," "1234," or birthdays, while two-thirds of those in the 18-to-34 age bracket were caught using those kind of terms. Quartz writes, "The diligence of the older group could help explain why 82% of respondents in this age range did not report having had any of their online accounts compromised in the past year. In contrast, 35% of respondents between 18 and 34 said at least one of their accounts was hacked within the last 12 months, twice the rate of those aged 51 to 69."

103 of 153 comments (clear)

  1. 51 is "elderly"? by Anonymous Coward · · Score: 5, Funny

    Damn.

    1. Re:51 is "elderly"? by OhHellWithIt · · Score: 1

      That was my reaction, too.

      --
      "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
    2. Re:51 is "elderly"? by Big+Hairy+Ian · · Score: 1

      Just shows that older users are wiser!

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  2. Age bias much? by Anonymous Coward · · Score: 2, Insightful

    51-69 is elderly???? Come on who wrote this.... 75 maybe, 80 even. But 50-60 is not.

    1. Re:Age bias much? by MrKrillls · · Score: 5, Funny

      I'm 64. 65 is elderly.

      --
      Don't step on the baby.
    2. Re:Age bias much? by whoever57 · · Score: 1

      65 is elderly.

      I hope not. Almost 60 here and I hope that I am not "elderly" in 5 more years.

      Based on family history, that would mean that I will have to live about 30 years as an "elderly person".

      --
      The real "Libtards" are the Libertarians!
    3. Re:Age bias much? by MrKrillls · · Score: 4, Insightful
      When I'm 65, 66 will be elderly. And so on...

      More seriously, I've decided elderly is a state of mind. Someone else's mind.

      --
      Don't step on the baby.
    4. Re:Age bias much? by techno-vampire · · Score: 1

      I'm 66, and 65 isn't elderly. It may have been elderly 50 years ago, but not now.

      --
      Good, inexpensive web hosting
    5. Re:Age bias much? by Cro+Magnon · · Score: 1

      I'm in my mid 50s. If anyone calls me "elderly" I'll thump them with my cane!

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    6. Re:Age bias much? by Ol+Olsoc · · Score: 1

      65 is elderly.

      I hope not. Almost 60 here and I hope that I am not "elderly" in 5 more years.

      Based on family history, that would mean that I will have to live about 30 years as an "elderly person".

      Welcome to the flip side of living longer. It's all pasted onto the elderly part.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    7. Re:Age bias much? by Ol+Olsoc · · Score: 1

      I'm 66, and 65 isn't elderly. It may have been elderly 50 years ago, but not now.

      Reminds me of those TV commercials where a woman states how she isn't going to age with a "I don't think so!"

      Good luck with never growing old.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    8. Re:Age bias much? by cyberchondriac · · Score: 1

      Exactly, that would be middle-aged. At 53 (nearly 54) I do not look or feel "elderly". Oh well..no point in getting butthurt over it though, it was just for ease of semantics I suppose.

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
    9. Re:Age bias much? by Maritz · · Score: 1

      I should have just smoked weed all my life.

      I did, and as far as I can tell my grain still works breat.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    10. Re:Age bias much? by lsatenstein · · Score: 1

      When I'm 65, 66 will be elderly. And so on...

      More seriously, I've decided elderly is a state of mind. Someone else's mind.

      I'm a senior. I don' t have trembles in the hand and fingers, but I have some life savings and some pensions. I do not work. If I am online and my ID is hacked, and then my id is stolen, the impact to my possessions is possibly depletion without my knowledge.

      Ergo, I take the time to create a password that is long, is varied, is with characters added to the US keyboard layout. Characters like € or ¥ and like # ± £
      I go on the assumption that typical hacker software will not look outside the range of what can be entered with a US standard keyboard layout.

      --
      Leslie Satenstein Montreal Quebec Canada
    11. Re:Age bias much? by MrKrillls · · Score: 1

      Damn good thinking!!! I like that. Characters outside normal scope. I didn't know they would work.

      --
      Don't step on the baby.
    12. Re:Age bias much? by Rakarra · · Score: 1

      Based on family history, that would mean that I will have to live about 30 years as an "elderly person".

      Yes, exactly, which is the big problem we face now with our ability to extend life and let people live longer. It's not the healthy part of life that's being extended.

    13. Re:Age bias much? by Rakarra · · Score: 1

      Damn good thinking!!! I like that. Characters outside normal scope. I didn't know they would work.

      Most services I sign up for have really stupid restrictions on what characters can be put in a password. No spaces, oftentimes even no punctuation.

    14. Re:Age bias much? by MrKrillls · · Score: 1

      I've noticed that too. But it doesn't make your excellent idea any less excellent. It just makes such sites look less safe compared to what they could be.

      --
      Don't step on the baby.
  3. Number of accounts matters as well by FireballX301 · · Score: 4, Interesting

    I strongly suspect that 'millennials' have password protected accounts at far more places online than 51+ people. At that point it doesn't matter how strong your password is, but which shitty service stores your password as unsalted MD5 and lets the intern leave the remote login session active

    1. Re:Number of accounts matters as well by Anonymous Coward · · Score: 1

      how many of those compromised accounts were because they gave their passwords out to friends?

    2. Re:Number of accounts matters as well by Karl+Cocknozzle · · Score: 4, Insightful

      You're looking at it backwards: The elderly have better passwords because the things they do have passwords to are vital to their survival. That is, their online banking, brokerage, pension, insurance company, medicare, social security. And unlike millennials, elderly are keenly aware of how crucial keeping control of their money is to their independence and personal security.

      --
      Who did what now?
    3. Re:Number of accounts matters as well by RenderSeven · · Score: 1

      I strongly suspect that 51+ people have had password protected accounts for 30 years longer than 'millennials'. I'd bet I've forgotten about more accounts than the average millennial has ever had.

    4. Re:Number of accounts matters as well by ryanmc1 · · Score: 1

      You should never use the same password on multiple sites for this exact reason. It is easy to make a simple change to your password for each site, for example use the first character of the domain as the 5th character in your password, the rest stays the same. This makes each password unique and cannot be used to hack another account, but still easy to remember.

    5. Re:Number of accounts matters as well by toonces33 · · Score: 1

      I use Pwsafe on Android myself. I can just copy the database from my desktop to the phone, and I am ready to go. No conversion required - databases are binary compatible.

      And BTW - I use a Yubikey plus a password to open the safe. On the PC, I insert the Yubikey in a USB slot when I want to open the safe. On the phone I make use of the fact that the Yubikey has NFC, and support for that has been integrated into pwsafe - there I just hold the yubikey up against the back of the phone to finish the unlock process.

    6. Re: Number of accounts matters as well by sectokia · · Score: 1

      Did any one cheek the paper to see if they normalised for number if accounts, or even better, only asked for passwords of important primary accounts like banks? If not, another completely stupid and flawed servey passed off as research.

    7. Re: Number of accounts matters as well by sectokia · · Score: 1

      Depends entirely on how that one character is hidden. If crackers seen a password "HorseXStaple" they will add "Horse[a-zA-Z] Staple" to their list of passwords. As the words are recognised as exacts, while the middle bit is recognised as a miss fit single character.

    8. Re:Number of accounts matters as well by LostMyBeaver · · Score: 1

      I was looking for this one.

      The fact is, like most research these days, it's half-assed. They apparently wrote a survey and paid someone to make calls but the survey didn't adapt to the reality. Like "If the user's accounts have been jacked... why?"

      I have passwords I print out and hang up like wireless access and netflix accounts. I have passwords which I use for banking. Passwords I use for servers, etc...

      There's the other issue as well... how about who jacked their accounts?

      Ex-girl/boy friend? Ex-BFF? Etc... Why did the person jack their accounts? Older people like myself could probably print half my passwords out and hang them up at work and never worry about them being taken. The reason is, the people I surround myself with aren't really into drama and such. The only password you can't share is Facebook because you don't want to leave that where your colleagues can be too tempted to make some entertaining postings in good fun. On the other hand, young people tend to still have some growing up to do.

    9. Re:Number of accounts matters as well by arglebargle_xiv · · Score: 1

      They also didn't look at things like password reuse. I do informal tech support for family and neighbours, and for people in the (snort) "elderly" age group their one password, while it may not be "1234" or "password", is reused everywhere. No concept of sanitary password use, you've got one secret and that's good for everything from MyFaceChatsApp to online banking.

    10. Re:Number of accounts matters as well by Aighearach · · Score: 1

      darn whippersnappers these days don't even know how the machines work anymore. Pretty soon our society will be like in Spock's Brain.

      "Brain, brain, and more brain, what is brain."

    11. Re:Number of accounts matters as well by AmiMoJo · · Score: 1

      Millennials probably have good passwords for their online banking and email too, or two factor auth even. It's just that they also have many other disposable accounts with weak passwords that they don't care at all about.

      I use the same password or a slight variation for many throw-away accounts, but the stuff that actually matters has unique strong codes and I always enable 2FA if available.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    12. Re:Number of accounts matters as well by AmiMoJo · · Score: 1

      HAHAHA disregard that, I suck cocks

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    13. Re: Number of accounts matters as well by jbmartin6 · · Score: 2

      I don't think you need a password to log in as AC.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    14. Re:Number of accounts matters as well by shaitand · · Score: 1

      I've done a lot of the same once upon a time and professionally. This study has it backwards. It's the elderly that use 1234 or a birth year as a pin code. If this trend is down it's because you can't use those easy passwords for most things anymore.

      The elderly have fewer accounts, use them less, are less likely to be specifically targeted, and are less likely to know when their account has been compromised. This is a much more plausible explanation for reduced reports of compromised accounts.

    15. Re: Number of accounts matters as well by omnichad · · Score: 1

      So....starting with A, B, C, D, or E?

    16. Re:Number of accounts matters as well by shaitand · · Score: 1

      "The elderly have better passwords because the things they do have passwords to are vital to their survival. That is, their online banking, brokerage, pension, insurance company, medicare, social security."

      That's true but only the part where they only have crucial accounts is their fault. The rest of those things have atypically strong password requirements so the elderly have no choice but to use secure passwords. The elderly actually fall into the most likely to use category for a single digit, a family member birth year, or sequential number like 1234 as a pin code for their atm for example.

    17. Re: Number of accounts matters as well by Hognoxious · · Score: 1

      Did any one cheek the paper

      LOL, n00b.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    18. Re:Number of accounts matters as well by Ol+Olsoc · · Score: 1

      I strongly suspect that 'millennials' have password protected accounts at far more places online than 51+ people. At that point it doesn't matter how strong your password is, but which shitty service stores your password as unsalted MD5 and lets the intern leave the remote login session active

      My experience with millennials is that they share passwords, they tend towards short easy passwords and some even open text them. People older than 51 are not all the grandma meme, why some of us are even tech and security savvy, as well has having more assets to protect, so logic might come to the conclusion we are more careful.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    19. Re:Number of accounts matters as well by Ol+Olsoc · · Score: 1

      For example, I use my least secure password for slashdot. If you pwn my slashdot account, you need to move out of your mother's basement.

      Captcha: Diffused.

      You save the captcha? How does that work the next time you post, AC?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    20. Re:Number of accounts matters as well by WallyL · · Score: 1

      For those of you who don't get it, here's the obligatory xkcd.

  4. Obvious... by K.+S.+Kyosuke · · Score: 4, Funny

    The sixty-year old guy's password: "NowIsTheWinterOfOurDiscontent"

    The thirty-year-old guy's password: "trumpsucks" ("trumpsucksbigtime" if you're lucky).

    --
    Ezekiel 23:20
    1. Re:Obvious... by ravenshrike · · Score: 1

      The thirty-year-old guy's password: "theyallsuck", "politicianssuck" ("theyallsuckandthewinnersoftheprimariesshouldbeforced intothunderdomestylecagematchesbecauseatleastthatwouldbeentertaining" if you're lucky) .

      FTFY

    2. Re:Obvious... by techno-vampire · · Score: 1

      Or, if you're in your mid sixties, as I am, you use a realistic easy to remember password: ICan'tRememberMyPassword!

      --
      Good, inexpensive web hosting
    3. Re:Obvious... by Minupla · · Score: 1

      Actually that's close to my password generation alg:

      An acronym from a song lyric,+ some telephone number + something current so:
      ng2gyung2lyd4165555555/. (and if you decoded the song lyric, I just rickrolled you as a bonus!) by the time my work place goes through a password cycle, I've committed it to muscle memory, and until then I can regenerate it from the algorythm. And it's not something a brute force or a dictionary attack is going to break, even if the attacker knew my method.

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    4. Re:Obvious... by donaldm · · Score: 1

      The sixty-year old guy's password: "NowIsTheWinterOfOurDiscontent"

      The thirty-year-old guy's password: "trumpsucks" ("trumpsucksbigtime" if you're lucky).

      You could use something like "mkpasswd -l 29" or if you are really paranoid "mkpasswd -l 64". Now all you have is the problem of remembering it unless you have a password database which you secure with a password of 123456. ;-)

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
    5. Re:Obvious... by AmiMoJo · · Score: 1

      Both of those are pretty weak though. "NowIsTheWinterOfOurDiscontent" will be in any half decent cracking dictionary, with automatic case variations and with/without spaces. "trumpsucks" is obviously terrible, and adding capitalization or a few random digits won't help it much.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Obvious... by K.+S.+Kyosuke · · Score: 1

      "NowIsTheWinterOfOurDiscontent" will be in any half decent cracking dictionary

      That's a very convenient "argument". You'll just label any cracking dictionary without it as "obviously not even half decent, case closed" and that's it. Very clever!

      --
      Ezekiel 23:20
    7. Re:Obvious... by AmiMoJo · · Score: 1

      I think that by any objective measure a cracking dictionary should contain common phrases, like popular Shakespeare quotes and song lyrics. Those are widely known to be popular passwords, appearing regularly in top 100 lists.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. A few thoughts... by wardrich86 · · Score: 2, Insightful

    The older group are probably more likely to have their passwords written down on sticky notes under their keyboards, or stuck to their monitors.

    Furthermore, the percent of hacked accounts would be hard to solve, as many younger folk are likely signed up to way more sites and services using the same password across the board. This would easier intrusion into the more secured sites.

    1. Re:A few thoughts... by TheCarp · · Score: 4, Informative

      > The older group are probably more likely to have their passwords written down on sticky notes under their keyboards, or stuck to their monitors.

      The day malware can lift your keyboard to look, the seniors are going to be in a lot of trouble.

      --
      "I opened my eyes, and everything went dark again"
    2. Re:A few thoughts... by angel'o'sphere · · Score: 1

      The older group are probably more likely to have their passwords written down on sticky notes under their keyboards, or stuck to their monitors.

      The elderly are smart enough to have them in a smartphone ... as a note to a fake contact in the address book or elsewhere. Even I have passwords that cant be easy remembered. At the place where I'm working right now I have over 10 different passwords.
      Most people there keep their passwords in a word file on the desktop. So much for security ...

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    3. Re:A few thoughts... by oneiros27 · · Score: 2

      The older group are probably more likely to have their passwords written down on sticky notes under their keyboards, or stuck to their monitors.

      The older group come from a time when we actually had to remember people's phone numbers, without having them all programmed into our cell phone.

      Many of them have also been typing on real keyboards for decades, so it's no big deal to have a 16 character password.

      Need a fairly secure password? Use the address of your best friend from 1970. Or the phone number of your favorite pizza place when you were 12 concatenated with your favorite two toppings. Or a couple of lines from your favorite song ... or poem, or movie quotes.

      If you have good memory, and aren't afraid to type, good passwords are easy.

      Of course, it probably also helps that they likely have something to protect ... and are retired, so aren't working at some company that insists on them changing EVERY LAST PASSWORD every 30 days ... until they get to the point where they're changing it to crap like 'Ih8passwords' and 'FuckYou2' just so they can get their job done.

      --
      Build it, and they will come^Hplain.
    4. Re:A few thoughts... by thinkwaitfast · · Score: 1

      Yes! When I was big into BBSes, I had close to 60 telephones numbers and logins memorized, not counting all the people I knew. I found that it's really a learned skill, and the more I memorized the easier it became. I don't have a cell phone, but still don't write people's numbers down. And no, my computer could not auto dial.

    5. Re:A few thoughts... by hey! · · Score: 1

      Writing down a hard-to-remember password is sometimes a better strategy than memorizing a low-entropy password. It depends on the nature of the threat.

      You have to do a threat assessment. Who are you worried about? For example at work, writing down your server passwords and sticking them in your desk drawer is a bad idea, because one of the purposes of that password is to distinguish between you and coworkers, some of whom might have nefarious reasons to impersonate you. But let's say it's the password to your company's twitter account, and anyone in your office could legitimately use that password. Then a hard-to-remember password like "F4f`kg\HrEX[*yn[" written down on a slip of paper in your upper right hand drawer where everyone knows it lives might be a good solution, especially if you have other means of determining who actually posted something.

      Here's what I recommend to many people. For really important stuff like your brokerage account, choose a tough random password and write it down in several places -- in your safe deposit box, your wallet, your safe. Then choose an easy to remember password and concatenate the two. There you have it: poor man's two factor authentication: something you have + something you know.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    6. Re:A few thoughts... by Gr8Apes · · Score: 1

      I am at the point now where I have so many passwords and so many phone numbers, that I don't even bother remembering anything I don't use monthly. For the rest, a password manager keeps them secure and safe, and it's not on my phone. The biggest problem with millennials is that they want access to everything on their phone. Unlike them, I prefer a real screen with actually usable real estate and functionality. I can complete a transaction on my laptop in about 5s that takes a millennial 5 minutes on their device of choice.

      --
      The cesspool just got a check and balance.
  6. Cluelessly Bad Analysis by Fringe · · Score: 4, Insightful

    There is so much wrong with that as to be comical.

    When do you ever hear about insecure passwords being compromised? That doesn't happen. They get leaked. Constantly. But not guessed, not when they can be leaked or stolen.

    So how does a super-ultra-secure password help?

    And then we have this odd bit of math, that 18% of the >51 age range had compromised accounts, while less than double that, 35%, of the youngest range had. Probably, but unclear because the report requires providing PII, while having four times more accounts. I'd certainly bet that the 18-to-34 age bracket has more than double the account count of the compu-geysers. (I say as someone just squeaking below that bar.)

    Which would imply that, mathematically, insecure passwords are more secure. Go figure.

    1. Re:Cluelessly Bad Analysis by whoever57 · · Score: 1

      Or the elderly are less likely to realize that their account has been hacked?

      --
      The real "Libtards" are the Libertarians!
    2. Re:Cluelessly Bad Analysis by eskayp · · Score: 1

      We is compu-GEEZERS, not compu-geysers.
      Unless, of course, you are snarkily referring to our propensity to froth at the mouth while eating milk toast while sitting in our wheelchairs.

      --
      I didn't desert Windows; Windows deserted me: BSOD
    3. Re:Cluelessly Bad Analysis by Anonymous Coward · · Score: 1

      The people who were in the prime of their engineering careers during the rise of the age of computers and the internet are those who are just now passing the age of 65. Assuming no degenerative disorders, these people very much understand account security. But, I suppose they are a very small fraction of that age bracket.

    4. Re:Cluelessly Bad Analysis by throwaway18 · · Score: 2

      A competently operated website will store hashes of the passwords instead of the passwords themselves.
      If the hashes get leaked then typically two thirds of the passwords will be revealed in the first few minutes of cracking because people mostly use weak passwords, sites use hashing algorithms that arn't slow enough and GPU's can try billions of passwords per second for common algorithms.

      However a good password, such as 14+ random letters and numbers or 5+ random words that don't appear together anywhere in published literature, still won't be revealed from the hash, so it is lower risk to reuse across sites, not zero risk because it could be captured when you log in to a hacked site and due to site storing plaintext passwords.

    5. Re:Cluelessly Bad Analysis by Gr8Apes · · Score: 1

      We store programmatically salted hashes of passwords. Reversing those can't even be done with rainbow tables, not without generating a table per salt, which is going to be a long drawn out process. We're looking at even putting those hashes in a shadow table referenced by a different salted hash value which generated on the fly. So merely grabbing the DB won't do you a lick of good, especially as even the account user login is also hashed. 2 main pieces of data for logins, no (simple) way to grab them. Running certain reports requires going through a server, but that removes one major vector for data leaks and manipulations, direct DB access.

      --
      The cesspool just got a check and balance.
    6. Re:Cluelessly Bad Analysis by tlhIngan · · Score: 1

      We store programmatically salted hashes of passwords. Reversing those can't even be done with rainbow tables, not without generating a table per salt, which is going to be a long drawn out process.

      Salts prevent use of rainbow tables, which helps a little bit. Modern password crackers are dictionary based, with various "twiddles" applied to each word (capitalization, add a number, replace certain characters with numbers, etc). So if the dictionary says "password", the cracker will try "password", "Password", "PASSWORD", "passw0rd", etc.

      Since it 's done via GPU, it's hashed quite quickly. and salts just mean you start from source dictionary.

      That's why trivial mashing of passwords is easy to crack - the modern dictionary based password cracker tests simple combinations and substitutions already.

      And no, it won't get 100% of passwords - but you'll be able to crack probably 30-50% of them within a day with even a smallish dictionary of say, top 100 passwords plus combinations.

    7. Re:Cluelessly Bad Analysis by Gr8Apes · · Score: 1

      I should mention each password starts with its own salt...

      --
      The cesspool just got a check and balance.
  7. Millenials are the worst! by kamapuaa · · Score: 2

    Millenials are the worst!

    Also, women, foreigners, minorities, point-haired bosses, liberal arts majors, and really anybody who isn't an old white man with an interest in science/math! They're all the worst!

    --
    Slashdot: providing anti-social weirdos a soapbox, since 1997.
    1. Re:Millenials are the worst! by tnk1 · · Score: 2

      As overblown as the term has gotten, we actually haven't all been Millennials. Life was objectively different for those of us who grew up before that period.

      Yes, they do share some of the characteristics that all young people have had, of course, but they have a somewhat different background and priorities.

      As far as trash talking the young, that is both the right and duty of being an elder. Now, get off my lawn.

    2. Re:Millenials are the worst! by thinkwaitfast · · Score: 1

      No, when I was a kid, they were called yuppies and you had to be rich or at least well off. But yes, most normal people disliked them. I thought they were obnoxious and I was younger than any of them.

    3. Re:Millenials are the worst! by Bing+Tsher+E · · Score: 1

      Millenials are the worst!

      Also, women, foreigners, minorities, point-haired bosses, liberal arts majors, and really anybody who isn't an old white man with an interest in science/math! They're all the worst!

      No, just millenials.

    4. Re:Millenials are the worst! by desdinova+216 · · Score: 1

      the older generation has always been criticizing the younger generation for as long as humanity been around

  8. Re:Because by Anonymous Coward · · Score: 1

    Because they have them written on a piece of tape across the top of the monitor.

    And ? Who's going to know unless you force your way into their home ?
    Using a complicated to crack password and writing on a piece of paper sticked to the monitor is 100 times more useful than using a password you can crack in 2 minutes even if you keep it only in your head.

    Of course if you do such a thing at work in an open space environment well that's stupid.

  9. pwgen -y by bigtreeman · · Score: 2

    I'm nearly 60, s'pose that makes me nearly elderly.
    I pick my passwords using
    pwgen -y
    and select from a screen full of 'memorable' passwords

    --
    Go well
    1. Re:pwgen -y by donaldm · · Score: 1

      I'm nearly 60, s'pose that makes me nearly elderly. I pick my passwords using pwgen -y and select from a screen full of 'memorable' passwords

      Tried this and got:
      atom ~] 13:35:13 > pwgen
      bash: pwgen: command not found

      Ok. I installed it and by default you get a list of passwords without any special characters and if you want you can customize the list. It is even possible to generate single passwords.

      Personally, I prefer the command mkpasswd which will give you a new password each time you run it (IMHO preferable to a default list, but to each their own). You do need to install expect though. You can even use options if you want different length passwords or even customize your password for those sites that have stupid password policies.

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
  10. In other words... by skam240 · · Score: 3, Insightful

    ...old people are on average more responsible than young people! Groundbreaking research!

    --
    I ignore Anonymous Coward posts. If you want to discuss something, that's awesome. Log in.
  11. There's a time and place for secure passwords by redmid17 · · Score: 1

    Anything that is financially sensitive or has access to lots of personal correspondence will require a very secure password. My email password is 26 characters. My social media one is 16. My bank password is less "secure" because they don't accept quite a few characters that Google/MS/FB accept, but it's still not something anyone is gonna spend any time cracking.

    Then we get to sites like my newspaper subscription or my intramural sports login. Those are just simple dictionary words I've used since I was 12. I don't give a shit if someone hacks into those accounts. By all means log in and view my mediocre playoff record.

    1. Re:There's a time and place for secure passwords by angel'o'sphere · · Score: 3, Interesting

      but it's still not something anyone is gonna spend any time cracking
      The misconception is that people think you can 'crack a password'.
      You can't.
      If you try to log on on any system and fail several times it shuts you out.
      So, cracking a password is only possible if the password is stored on a system, likely hashed or encrypted, and leaks. If your system is leaking password files, then you have much bigger issues than weak passwords.
      See the linkedin disaster.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    2. Re:There's a time and place for secure passwords by redmid17 · · Score: 1

      but it's still not something anyone is gonna spend any time cracking The misconception is that people think you can 'crack a password'. You can't. If you try to log on on any system and fail several times it shuts you out. So, cracking a password is only possible if the password is stored on a system, likely hashed or encrypted, and leaks. If your system is leaking password files, then you have much bigger issues than weak passwords. See the linkedin disaster.

      Erm that's pretty much the only way I know of doing it. A few years ago before they limited login attempts (I assume), someone did break into my twitter account to spam in Russian (for boner pills apparently after I translated it). If they didn't they definitely took it offline to brute force. I know that happened to linkedin (twice) in the times I've been on it. Can't say I've bothered to change that one either.

  12. Obviously ... by angel'o'sphere · · Score: 1

    As we reuse the one password that is not easy to guess, but we can remember and use since 45 years (and we know it never got "cracked").

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    1. Re:Obviously ... by NotQuiteReal · · Score: 2

      Alas, sometimes you can't re-use (or even use logical variations) due to the retarded disparity in password policies (required characters for some sites are forbidden on others...).

      The worst are the sites that make you have such a complicated password there is no way you can remember it.

      --
      This issue is a bit more complicated than you think.
    2. Re:Obviously ... by angel'o'sphere · · Score: 1

      That is actually the case where I work right now.
      And they force one to change depending on system every 4 - 6 weeks.
      Then again, half the systems use a single sign on solution via LDAP ... so you safe the subversion password (which you should not as it is unsafe but plenty do). Now you are forced to change the password for your windows log in. An hour later you are playing with Eclipse and wonder why subversion gives error messages. Then you lock your screen and go to a colleague. When you come back you can no longer log in as your account is locked because subversion used more than 3 times the *old* meanwhile changed windows password.
      Some passwords need to be 10 some even 12 characters long.
      Some need to have one of three special chars, and don't allow any others.
      Some require you to change minimum two consecutive chars in a certain range of the password, e.g. the first 6 chars. (Which would allow to keep the rest of the password constant). But then again it may not be 2 digits, so you can not use month as "help", and fragments like jan, feb, mar are forbidden in any part of the password.

      I think I will try if I can use reversed month, or learn the Maya names of them and use those, lol.

      Reactivating a locked account takes about two days ... and never mind what security problems they still have. I guess it is superfluous to mention: I work in a bank.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  13. No mystery... by Deadstick · · Score: 4, Insightful

    ...we know more words.

    1. Re:No mystery... by hyades1 · · Score: 1

      Well said!

      --
      I've calculated my velocity with such exquisite precision that I have no idea where I am.
  14. When I write my passwords down... by NotQuiteReal · · Score: 4, Interesting

    My password "cheat sheet" purposely has typos in them, and don't explicitly say what they go to.

    My memory is good enough to know them by heart most of the time, but for some seldom used ones, just looking at my notes is enough to remind ME. I wouldn't want to have someone take my crib notes, but the casual burglar isn't likely to be sober long enough or be patient enough to try and figure out my mess-o-letters.

    (oh, and it is in an encrypted .docx file, not printed on paper.)

    --
    This issue is a bit more complicated than you think.
    1. Re:When I write my passwords down... by Drethon · · Score: 1

      My password cheat sheet is the word used for the core of the password. Then I interweave a numerical pattern I've used for so many years I'm unlikely to forget it. Now if I ever have to change that number pattern, I'm kind of screwed.

  15. Impenetrable by PopeRatzo · · Score: 5, Funny

    I'm elderly and my password is so strong that I forget it in 2009 and haven't been able to log in to anything since.

    --
    You are welcome on my lawn.
    1. Re:Impenetrable by Anonymous Coward · · Score: 1

      I'm elderly and my password is so strong that I forget it in 2009 and haven't been able to log in to anything since.

      That would hold more punch had you posted it as Anonymous Coward.

  16. Elderly? by markdavis · · Score: 3, Insightful

    >"Elderly Use More Secure Passwords Than Millennials[...]The majority of respondents ages 51 to 69 say they completely steer away from easily cracked passwords"

    Under what/whose definition is a 51-year-old "elderly"??? Was this title written by a 20-year-old or something? Even 60 is hardly "elderly". And why are there only two groups- 18-34 and 51-69? They are not equal spans? What happened to 35-50?

    Yeesh

    1. Re:Elderly? by justMichael · · Score: 1

      What happened to 35-50?

      We (mostly) use password managers ;-) I only know one password and it's to decrypt my local password datastore. When that gets corrupted I'll be resetting passwords for weeks. All of my passwords resemble 2r9aIx'DbFbKRU;v4u!LgRn so there's no way I'm remembering or typing any of them in.

    2. Re:Elderly? by thinkwaitfast · · Score: 1

      Gen X. AKA the missing or sandwich generation. Also an early Billy Idol band.

    3. Re:Elderly? by Sir_Eptishous · · Score: 1

      What happened?

      Gen X had a brief flicker of spotlight in the 90s, then became quickly forgotten.

      We were overshadowed by the Boomers from the 60s - 80s, and then when they had kids(The Millenials, who are now the largest generation), they became the generation du jour, as so aptly penned here.

      --
      We play the game with the bravery of being out of range
    4. Re:Elderly? by John_Sauter · · Score: 1

      What happened to 35-50?

      We (mostly) use password managers ;-) I only know one password and it's to decrypt my local password datastore. When that gets corrupted I'll be resetting passwords for weeks. All of my passwords resemble 2r9aIx'DbFbKRU;v4u!LgRn so there's no way I'm remembering or typing any of them in.

      Those of us older than 69 also use password managers.

  17. I do IT services in a retirement community by Applehu+Akbar · · Score: 2

    Chrono-Americans use better passwords because unlike the young, they write everything down. A user who never takes her laptop to Starbucks or to work is okay with setting up difficult passwords and then referring to a list in the silverware drawer when her grandchildren need to connect to the WiFi.

  18. Re:Because by The+Grim+Reefer · · Score: 1

    Using a complicated to crack password and writing on a piece of paper sticked to the monitor is 100 times more useful than using a password you can crack in 2 minutes even if you keep it only in your head.

    Of course if you do such a thing at work in an open space environment well that's stupid.

    That's why I use ROT13, twice.

  19. did not report ? by Archfeld · · Score: 1

    "The diligence of the older group could help explain why 82% of respondents in this age range did not report having had any of their online accounts compromised in the past year"

    Did not report or have still not noticed ??
    I joke...

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
  20. Jelly Beans In The Jar by JimSadler · · Score: 1

    Older folks have a bigger stash and also don't have time to start over, saving money. It is logical that they are more eager to protect what they have than a generation that not only has much less but also has time to recover from a loss. Older folks need more protection.

  21. Grumpy Old People are Wise. by dcw3 · · Score: 1

    So, as a 57 yr old, I've noticed that people tend to get more jaded as they age. We've been through some shit, and don't want it to happen again. We're not as trusting of everyone as we were in our twenties and thirties. We've been scammed, or someone close to us has, so we've learned by experience. Learning from other people's mistakes isn't easy for most humans.

    Now, get the hell off of my lawn.

    --
    Just another day in Paradise
  22. Re:Millennials don't care about security by dcw3 · · Score: 1

    If something goes wrong, mommy and daddy will fix it.

    That explains why it was on the news yesterday that 1/3 of millennials are living with their enablers (parents). How the hell are they supposed to learn anything when we're still doing their laundry, making their dinner, and paying their bills?

    --
    Just another day in Paradise
  23. Compromised not equal to brute force login by labradort · · Score: 1

    This article is stupid. Who says compromised accounts are gained by password guessing? There are many other ways:

    • Phished
    • Same password used at another service which was phished
    • Keylogger malware
    • Technology exploit (e.g. website)
    • Security questions too easy to crack

    Brute force is uncommon these days, because there is technology to limit password guessing.

  24. Registration required to get white paper by labradort · · Score: 1

    This white paper requires registration to obtain. The whole thing is a poorly veiled attempt to sell the identity management solution. This isn't news. This is infomercial.

  25. In my experience, not so much. by sabbede · · Score: 1

    I've seen a lot of very weak passwords from my elderly users, and those that look strong are often guessable with a little research. If you know the names and birth years of their grandchildren, you probably have all you need.

  26. The 'elderly' watched 'Wargames' by lamer01 · · Score: 1

    and Ferris Bueller.

  27. I use my age in my passwords by Cro+Magnon · · Score: 1

    Everyone knows long passwords are more secure than short ones.

    --
    Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  28. Re:Millennials don't care about security by EmagGeek · · Score: 1

    You guys make me feel like I am not alone. I have three "millennial" generation children who did NOT get coddled for the first 18 (or 21) years of their lives and I still can't get rid of one of them. Two of them turned out okay but one of them bought into the whole package of unreasonable expectations, entitlement, and absence of accountability.. which I might add if you purchase all three you get a free box of Bernie Sanders bumper stickers, which that kid wallpapered his room with right before we kicked him out of the house.

    My youngest just turned 22 and has still not figured out his "life calling," as he puts it. Mom and I just had to cut him off of the free meals because he would come over almost every day unannounced for both lunch AND dinner, so now he's only allowed over for dinner once per week (and don't get me started on the shitstorm he tried giving me for that, or what it took for him to just get out of the house and into his own apartment).

    Some day maybe I'll figure out how someone who is 22 years old finds it acceptable that "making a living" is living in a run down apartment with two roommates and working a part time job at a coffee shop (not even Starbucks, because they're a big, evil corporation, man!). The kid has no ambition, no savings, and no plan, despite being encouraged his entire life.

    My other kids are a Veterinarian and a Lawyer... not sure what happened to this one.

  29. Are you kidding me? by tsnow · · Score: 1

    The "report" is just the outcome of an online poll-- i.e. they asked people if they believed they were creating secure passwords. The only data they're tracking is based on whomever answered their survey, not an actual observation of passwords created by any age group. Honestly, as someone who deals with both targeted groups on a daily basis, I can assure you that I've seen some incredibly bad passwords, and they're typically created by people in the +50 age range.

  30. Yes. My mom (63) uses random-generated passwords by Optic7 · · Score: 1

    for much of her stuff. She's super-paranoid about hacking. I've been trying to convince her that she doesn't need such strong passwords for inconsequential websites, for example. Sometimes she has to read something like 7r8guP-a+uN-sUfe over the phone to me when she needs me to login somewhere to take care of something. Hilarity ensues...

  31. I got it! by wyHunter · · Score: 1

    I know how we over 50s can have absolutely secure passwords that the younger hackers can't get at! Write them..in CURSIVE...