Age and Gender Impact on Password Hygiene

Abstract

Password hygiene plays an essential part in securing systems protected with single-factor authentication. A significant fraction of security incidents happen due to weak or reused passwords. The reasons behind differences in security vulnerable behaviour between various user groups remains an active research topic. The paper aims to identify the impact of age and gender on password strength using a large password dataset. We recovered previously hashed passwords of 102,120 users from a leaked customer database of a car-sharing company. Although the measured effect size was small, males significantly had stronger passwords than females for all age groups. Males aged 26–45 were also significantly different from all other groups, and password complexity decreased with age for both genders equally. Overall, very weak password hygiene was observed, 72% of users based their password on a word or used a simple sequence of digits, and passwords of over 39% of users were found in word lists of previous leaks.