Elders way better at password security than millennials

Stop making fun of Aunt Millie squinting at the screen: her password kicks your password’s butt, and she’s not the one reusing the same damn password for every site.

That’s according to a recent report [registration required] from Gigya, which has an API that businesses can use to let their customers log into websites using their social media accounts (and which, not surprisingly, titled its report “Death of the Password”).

According to survey results, Baby Boomers – people aged 51-69 – are the demographic most likely to use the security best practice of having a unique password for each and every online account: 65% of respondents said they have 5 or more passwords across their online accounts, compared with just 44% of millennials (ages 18-34).

The report didn’t give the figures on people ages 35-50, but it did say that only 16% of people follow best practices overall.

As we’ve explained, there’s a reason why the “don’t reuse passwords” mantra is, well, a mantra: even a long, strong, complicated password that looks devilishly hard to crack can become, effectively, a skeleton key to your whole online life if you’ve reused it. Once a crook’s got the login for one site, the door’s wide open to any other site where that login’s been used.

Password reuse isn’t the only way for attackers to get their hands on exact login names and passwords, of course. Logins can be captured in phishing attacks, keylogger malware can snatch them away, or security questions might be too easy to crack, to name a few.

The report found that people in their golden years also tend to shy away from using passwords that they know aren’t secure, like “password,” “1234,” or their birthdays. Out of the Baby Boomers surveyed, 53% claim that they never create easy-to-remember yet insecure passwords, compared to 42% of Generation X respondents and 33% of millennials.

Is this because they’re writing their convoluted passwords on sticky notes and sticking them under their keyboards or onto their monitors, as one Slashdot commenter snarked? (Probably some uppity stripling young’n!)

Somebody who’s probably a sage, silver-haired security savant snarked this back: “The day malware can lift your keyboard to look, the seniors are going to be in a lot of trouble.”

Great comeback! Still, don’t keep passwords on stickies. Even if we’re talking about your system at home, that still makes your login vulnerable to being snatched, right along with your computer, by a burglar, if not just by a passerby with roving eyes.

The survey also found that more than 25% of respondents said they don’t bother with creating gnarly passwords for sites associated with their financials, such as their bank accounts or ecommerce sites.

That’s not good. The way the Internal Revenue Service (IRS) has been grappling with identity theft should drive home how fraudsters are targeting our online financial assets.

Bank-related phishing is another danger, and one where the complexity of your password doesn’t even matter.

We’ve written many times about this sort of trickery, along with lots of advice to help you avoid it.

Of course, at least in theory, the older we get, the more money we should have to protect, given life savings, pensions and other assets: perhaps one reason why older, more jaded people are keener to protect it all.

One of the more surprising findings of the report was that older people are nearly twice as likely as millennials to set up two-factor authentication (2FA) when logging in to accounts.

2FA can help to ensure the validity of a user’s identity and minimize the window of time in which phished credentials will work.

It’s one extra step when you’re logging in, but Baby Boomers apparently can spare the time. Particularly the Baby Boomer President Obama, who a few months ago said that passwords aren’t strong enough, so use 2FA!

Right or wrong, Gigya is suggesting that Millennials lack the “patience and dedication” of older generations when it comes to security best practices.

We don’t know if that’s right, but we do know the consequences of using bad passwords or reusing login credentials: they leave us more open to attack and can make the consequences of a successful attack worse.

Gigya’s survey claims that across all ages, more than 25% of respondents have had an online account compromised in the past 12 months. For Millennials, the number jumps to 35%. In contrast, this number drops to less than 20% for Baby Boomers.

Is that because Millennials are too impatient to use security best practices? Is it because they simply have far more online accounts than their elders do? Is it because some older people aren’t even aware that their accounts have been compromised?

Feel free to add your two cents below, be it elderly grousing or youthful yelps of indignation, but whatever you do, don’t dis Aunt Millie.