According to a study [PDF file] by Cambridge University's Joseph Bonneau, people aged 55 and older generally use passwords twice as strong as those used by people under the age of 25 -- and German and Korean speakers generally use the strongest passwords.
"But that's still not saying much since weak passwords were prevalant across every demographic from a data set that included 70 million anonymized Yahoo accounts analyzed with the Internet giant's permission," writes Threatpost's Anne Saita.
"Password strength is measured in bits, where cracking one bit is equivalent to the chance of correctly calling a fair coin toss, and each additional bit doubles the password's strength," writes New Scientist's Jacob Aron. "On average, Bonneau found that user-chosen passwords offer less than 10 bits of security against online attacks, meaning it would only take around 1000 attempts to try every possible password, and around 20 bits of security against offline attacks. That's surprising, because even a randomly chosen six-character password composed of digits and upper and lower case letters should offer 32 bits of security."
"He suggested assigning people randomly chosen nine-digit numbers instead, which would offer 30 bits of security against every type of attack," GMA News reports. "This would be a 1,000-fold increase in security on average. 'I think it's reasonable to expect people to have the capacity to remember that, because they do it for phone numbers,' he said."
"The report also found that those who changed their password the most often were more likely to have stronger passwords, but Yahoo users who had to reset passwords after reporting that their accounts had been compromised didn’t actually choose better passwords," notes Mashable's Samantha Murphy.