Passwords chosen by people over the age of 55 are stronger and more secure than the ones chosen by teenagers. That's what the largest study on password security revealed recently.
The study organized by Joseph Bonneau at the University of Cambridge analyzed 70 million Yahoo users' password. But Yahoo users have nothing to worry about as their data was protected during the analyzing process and Bonneau didn't get access to account info. Joseph still managed to measure the strength of password chosen by people of different age, nationality and gender.
"We find surprisingly little variation in guessing difficulty; every identifiable group of users generated a comparably weak password distribution," Joseph Bonneau wrote after revealing his study.
Another noticeable part of the study is, most of the debit or credit card users are not really tense about their security. All their accounts attached with these folks' debit or credit card are not secured with a strong password. Some of them even use weak passwords like "12345".
People from different countries and different language communities are also using weak passwords. "More surprisingly, even seemingly distant language communities choose the same weak passwords and an attacker never gains more than a factor of 2 efficiency gain by switching from the globally optimal dictionary to a population-specific lists," Bonneau said.
People with strongest passwords are also found in the category as people who change their passwords regularly. Some folks don't change their password for years and that makes them easy prey for hackers. Bonneau believes choosing a randomly selected number that is at least nine digits long can work as above-average level password strength. He suggests people who are related with password creating business should make people choose tough passwords.
"This is one of the rare studies based on a large set of passwords that are actively used and have been obtained legitimately," said Lujo Bauer of Carnege Mellon University in Pittsburgh, Pa. People who are using weak passwords should change it now.