Abstract

Password hygiene plays an essential part in securing systems protected with single-factor authentication. A significant fraction of security incidents happen due to weak or reused passwords. The reasons behind differences in security-vulnerable behaviour between various user groups remain an active research topic. The paper aims to identify the impact of age and gender on password strength using a large password dataset. We recovered previously hashed passwords of 102,120 users from a leaked customer database of a car-sharing company. Although the measured effect size was small, males had significantly stronger passwords than females for all age groups. Males aged 26–45 were also significantly different from all other groups, and password complexity decreased with age for both genders equally. Overall, very weak password hygiene was observed: 72% of users based their password on a word or used a simple sequence of digits, and passwords of over 39% of users were found in word lists of previous leaks.

Highlights

  • Cybercriminals target vulnerabilities that are easiest to exploit, and humans continue to constitute both a huge attack surface and the weakest component in any organisation [1]

  • We discarded 536 records with zero-length passwords, assuming they belong to users who have not completed a full registration process

  • There were 100,317 records with valid Lithuanian personal codes and non-zero passwords (91% of the whole set), with 67,997 records belonging to male users and 32,320 records belonging to female users


Summary

Introduction

Cybercriminals target vulnerabilities that are easiest to exploit, and humans continue to constitute both a huge attack surface and the weakest component in any organisation [1]. Weak and reused passwords open doors even in the most hardened systems, and the security-vulnerable behaviour of humans remains an active research subject. Based on the global 2020 survey, 57% of employees use an employer-issued device to check e-mails and respond to them [5]. Employees allow their friends and family members to check e-mails (33% worldwide and 52% in the US) and do online shopping (22% worldwide and 38% in the US) on their employer-issued devices. Only 58% of employees in Australia do not allow their friends and family members to check e-mails, do online shopping, do streaming or research, check social media, and perform other activities on their employer-issued devices [6,7].
