"They can probably set up a printer faster"..?
Does anyone under 30 know what a printer is, let alone how to set one up? Surely the days of hard copy are behind us - if it's not on your phone screen, it's not going to be read.
Gen Z can get off their digital high horses because their passwords are no more secure than their grandparents'. According to NordPass, there is no real difference between the security of those used by the younger generation and their supposedly tech-illiterate ancestors. In fact, the security company's analysis of passwords …
Every week SWMBO sends out a PDF handout for her patchwork class. The class members need to print it out, or at least the last sheet. Why? Because the templates are on the last sheet (sometimes on the last several sheets) and they need to cut those out. Not everything can be just read.
That may well be coming. But until organisations like (but by no means only) the Girl Guides stop sending essential forms in formats that can't just be edited, have data added on screen and then be emailed back, the printer will be needed by the poor devils who have to complete the paperwork by printing it, filling it out by hand, then scanning it back (or sometimes putting it in the post).
Significantly, the Local Authority today provided paperwork in PDF that could just be opened and completed in Word - no printer needed. So it can be done.
If you buy anything online, and sometimes return what you buy, eventually you're going to run into a situation where there isn't a store location or dropoff available, and you're gonna have to print off a shipping label.
I had my printer fail back in April, and I bought a new (refurbished) one in May. I hadn't got around to opening up the box but a few weeks ago I did a return that required a UPS shipping label, so I was forced to unbox it and set it up just to print out one page.
"One glimmer of hope from the global data, taken from recent breaches and dark web repositories, was that the use of special characters is on the rise."
Bollocks. Special characters add no extra security - the NIST password guidelines have detailed this for years.
Length is all that matters, hence the recommendation for passphrases instead of passwords.
Don't knock special characters.
Combining ASCII printable characters with extended ASCII codes, the latter containing 'special characters', gives 224 possibilities for each position in a password string.
If it is assumed that a string of characters contains at least one special character, then all 224 options must be considered at each position when 'brute force' cracking the code.
A five-character code offers 563949338624 (i.e. 5.63×10¹¹) choices. This combination I assume to be crackable with powerful equipment; however, the time taken will depend on the interval between entry of each character and the response by the locked door protecting the goodies within. On average, 281974669312 (i.e. 2.81×10¹¹) tries are required.
Taking the password length to ten characters offers 3.18×10²³ combinations. The resulting average of 1.59×10²³ tries is an immense task.
Just increasing from 5 to 7 characters offers an average of 1.41×10¹⁶ attempts.
Excluding extended codes gives 96 ordinary printable characters. The average numbers of attempts to break 5-, 7-, and 10-character strings are, respectively, 4076863488 (i.e. 4.07×10⁹), 3.75×10¹³, and 3.32×10¹⁹.
[Numbers beyond decimal points truncated]
----------------------------------------------------------------------------------
There are other considerations.
Some characters within the extended ASCII set are unlikely to be chosen by many people; perhaps, the brute-force algorithm should exclude them on first attempt.
For passwords of ten and more characters, regardless of whether they contain special characters, brute-force attack becomes increasingly hopeless. When an attack is feasible, the question arises whether the goodies behind the door are worth the expense (time and money) of attempting forced entry. This consideration applies to would-be burglars, and to police/security officers knocking on the door.
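The brute-force arithmetic in the post above, carried through as an added example (not the commenter's own code): it reproduces the 224- and 96-symbol figures and also answers the earlier point about length, by computing how many characters a narrower alphabet (printable ASCII, or lowercase letters only, an alphabet added here for comparison) needs to match the same keyspace.

```go
package main

import (
	"fmt"
	"math"
	"math/big"
)

// Keyspace returns alphabet^length: the number of distinct strings of the
// given length drawn from an alphabet of that size.
func Keyspace(alphabet, length int) *big.Int {
	return new(big.Int).Exp(big.NewInt(int64(alphabet)), big.NewInt(int64(length)), nil)
}

// AverageGuesses returns half the keyspace, the expected number of tries an
// exhaustive search needs to hit a uniformly random string.
func AverageGuesses(alphabet, length int) *big.Int {
	return new(big.Int).Rsh(Keyspace(alphabet, length), 1)
}

// EntropyBits returns log2(alphabet^length) = length * log2(alphabet), the
// usual way of putting keyspaces of different shape on one scale.
func EntropyBits(alphabet, length int) float64 {
	return float64(length) * math.Log2(float64(alphabet))
}

// LengthToMatch returns the shortest length over a smaller alphabet whose
// keyspace is at least alphabet^length, i.e. how many extra characters the
// narrower alphabet needs to buy back what the wider one gave.
func LengthToMatch(alphabet, length, smaller int) int {
	target := Keyspace(alphabet, length)
	for n := 1; ; n++ {
		if Keyspace(smaller, n).Cmp(target) >= 0 {
			return n
		}
	}
}

func main() {
	// 96 = printable ASCII and 224 = printable plus extended codes, as in the post;
	// 26 = lowercase letters only, added here for comparison.
	for _, a := range []int{96, 224} {
		for _, n := range []int{5, 7, 10} {
			fmt.Printf("alphabet %3d, length %2d: %d combinations, %d average tries, %.1f bits\n",
				a, n, Keyspace(a, n), AverageGuesses(a, n), EntropyBits(a, n))
		}
	}
	fmt.Println("printable-only length matching 224^5: ", LengthToMatch(224, 5, 96))
	fmt.Println("printable-only length matching 224^10:", LengthToMatch(224, 10, 96))
	fmt.Println("lowercase-only length matching 224^5: ", LengthToMatch(224, 5, 26))
}
```

The last three lines are the point the two posts are arguing about: the extended alphabet is worth one extra printable character at length 5 and two at length 10, and a 9-letter lowercase string already has more combinations than a 5-character string drawn from all 224 symbols.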
I suppose that the persistence of use of these ridiculously hackable passwords is responsible for the rise of the mandate of MFA. I HATE being required to have my phone to hand whenever I want to log into e.g. my online banking website, which I consider to be unnecessary, because the password for their site (though artificially weakened by their length and content rules) is along the lines of "eNyRuÈ9ÚâvH·³Ð§%b4f%õÜWÈ", which is what my password manager's generator produces. (This example is one I generated solely for demonstration here, and is not and never will be used on any website.) Even before password managers became available, I generated my own, shorter and with fewer character choices, passwords with a Linux-based tool called pwgen. The ignorance of people with regard to passwords seems to me unbelievable.
Are the youngsters all using passkeys and MFA and the old folk keeping a little notebook or using the same one for everything?
There are too many accounts requiring a password, and for many of the less sensitive ones that I don't use very much I just create a keyboard-mash password each time I use them and rely on the forgotten-password process. It's sort of a half-baked two-factor.
Maybe I fall into the latter category being an old fart but can someone please explain to me the following:
I have a username and password with MFA. The password is a string of characters.
That is migrated to a username and passkey with MFA. The passkey is a string of characters.
I have a hardware YubiKey that can do various levels of authentication. One makes it usernameless and passwordless. I select the option to use it on login and guess what?
I have to enter the "Passkey" that looks incredibly like a password to me.
On the surface this looks to be very much rebranding a password to make it sound more secure. A string of characters is just that; you can call it what you want. I would rather the lunacy of logging in to a service that has MFA cheerfully sends the MFA to the very device I am logging in from.
What your YubiKey should be doing is creating a pair of numbers called a private key and a public key. The private key should* be kept secret and never leave the device. The public key should be publicised. Next comes the difficult bit: associating your user name with your public key and not the public key I create and say is yours. When a computer wants to authenticate you it should create a sequence of random numbers and encrypt it with your public key. It then sends the encrypted message to you (or me) to decrypt, with your secret key which I do not have. Only someone with the correct secret key** can decrypt the encrypted message and reply with the original sequence of random numbers***.
* I saw in the spec a section on how to copy the secret key to a backup device. I really hope that was not literal. The correct solution is for your second YubiKey to have its own public/private key pair, and you use your first YubiKey to sign the second one's public key so that either public/private key pair can be used for authentication.
** Or someone who can read/predict the original sequence of random numbers generated by the computer requiring authentication.
*** A man in the middle could ask you to decrypt the message and send your response. Someone thought of that. I can think of at least one way to prevent that but I do not know which way is in the standard.
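A worked version of the exchange described above, added here as an example and not the commenter's or any vendor's code. It differs from the post in one respect, stated plainly: instead of the server encrypting random numbers for the token to decrypt, the token signs the server's random challenge, which is the form FIDO/WebAuthn uses, and the signed message also covers the origin the client is connected to, which is what the standard relies on against the relay in footnote ***. The origins, the user name and the exact byte layout of the signed message are assumptions for this example; the signing itself is the Go standard library's crypto/ecdsa.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Authenticator stands in for the token: the private key is generated on it and never leaves.
type Authenticator struct{ priv *ecdsa.PrivateKey }

func NewAuthenticator() (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Authenticator{priv: priv}, err
}

func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.priv.PublicKey }

// transcript is what actually gets signed: the server's challenge bound to the origin the
// client is connected to. A response produced for one origin will not verify at another.
func transcript(challenge []byte, origin string) []byte {
	h := sha256.New()
	h.Write([]byte(origin))
	h.Write([]byte{0}) // separator so origin and challenge cannot be re-split
	h.Write(challenge)
	return h.Sum(nil)
}

// Respond signs the challenge for the origin the client side actually sees.
func (a *Authenticator) Respond(challenge []byte, origin string) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, a.priv, transcript(challenge, origin))
}

// RelyingParty is the server; Register is the "difficult bit" of tying a user to a public key.
type RelyingParty struct {
	origin string
	users  map[string]*ecdsa.PublicKey
	issued map[string][]byte // one outstanding challenge per user
}

func (rp *RelyingParty) Register(user string, pub *ecdsa.PublicKey) { rp.users[user] = pub }

// Challenge issues 32 fresh random bytes; footnote ** in the post is about these being unpredictable.
func (rp *RelyingParty) Challenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.issued[user] = c
	return c, nil
}

// Verify checks the signature over the outstanding challenge and the server's own origin, then
// discards the challenge so a captured response cannot be replayed.
func (rp *RelyingParty) Verify(user string, sig []byte) bool {
	pub, known := rp.users[user]
	c, outstanding := rp.issued[user]
	if !known || !outstanding {
		return false
	}
	delete(rp.issued, user)
	return ecdsa.VerifyASN1(pub, transcript(c, rp.origin), sig)
}

// login runs one exchange with the client connected to clientOrigin; it returns the verdict
// and the response so that a replay can be attempted afterwards.
func login(rp *RelyingParty, auth *Authenticator, user, clientOrigin string) (bool, []byte, error) {
	c, err := rp.Challenge(user)
	if err != nil {
		return false, nil, err
	}
	sig, err := auth.Respond(c, clientOrigin)
	if err != nil {
		return false, nil, err
	}
	return rp.Verify(user, sig), sig, nil
}

// Scenario: a genuine login, a relay via a look-alike origin, and a replay. Names are constructed.
func Scenario() (genuine, relayed, replayed bool, err error) {
	const bank = "https://bank.example"
	auth, err := NewAuthenticator()
	if err != nil {
		return
	}
	rp := &RelyingParty{origin: bank, users: map[string]*ecdsa.PublicKey{}, issued: map[string][]byte{}}
	rp.Register("alice", auth.PublicKey())
	var sig []byte
	if genuine, sig, err = login(rp, auth, "alice", bank); err != nil {
		return
	}
	// A proxy forwards the bank's real challenge, but the client signs the origin it is
	// actually talking to, so the bank rejects the response.
	if relayed, _, err = login(rp, auth, "alice", "https://bank-login.example"); err != nil {
		return
	}
	replayed = rp.Verify("alice", sig) // the genuine challenge has already been consumed
	return
}
```

Two things the code makes concrete that the post leaves open: the relay fails not because the proxy is detected but because the origin it presents is part of what gets signed (in WebAuthn the browser supplies that origin inside the signed client data), and a response is single-use because the server forgets the challenge as soon as it has checked it once.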
I think this is causing the problem.
I use my "The Register" password on about 200 other random websites that don't need any real security. If you looked at my password usage patterns, you would see that a big chunk of my passwords are 123456. But that doesn't mean I am not being secure. It just means there are websites that use passwords that don't actually need them.
It just means there are websites that use passwords that don't actually need them.
Yup.
I have accounts with crap email addresses to log in with and crap passwords. Because I don't need them to have more than a superficial lock. Add to that the fact that many users of such sites just want to get started and not go through setting up an account they don't want with a bunch of fatuous security they couldn't give a toss about. So go for something quick and simple.
The problems can occur when they cross the line between just using such an account for something simple and basic and decide to add stuff they can be sharing with their friends and family - because that's when it sometimes becomes risky and valuable to the scammers.
Yes, your specs are rose-tinted. On top of that, rather than 'encrypted', the word you are looking for is 'hashed'. It is not currently possible to recover the original password that has passed through a modern secure hash algorithm. Some companies use old algorithms that are no longer secure. Companies are supposed to keep the list of usernames+hashed passwords secret. It is possible to put every word in a dictionary through a hash function and look for the result in a leaked list of hashed passwords.
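The point above about hashing versus encryption and leaked hash lists, as an added example (not the commenter's code): it hashes a constructed word list once, checks which accounts in a constructed password store that table recovers, and then shows that a per-user salt leaves the table matching nothing and gives two users with the same password different stored values. SHA-256 is used only to make the salt's effect visible; the deliberately slow password hashes a real store should use are named in the comments.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// HashUnsalted is the scheme the post warns about: the same password always stores the same value.
func HashUnsalted(password string) string {
	sum := sha256.Sum256([]byte(password))
	return hex.EncodeToString(sum[:])
}

// HashSalted prefixes a per-user random salt, so equal passwords store different values and a
// table built once from a word list matches nothing. SHA-256 is used here only to show the
// effect of the salt; a real store would use a slow hash such as bcrypt, scrypt or Argon2.
func HashSalted(salt []byte, password string) string {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return hex.EncodeToString(h.Sum(nil))
}

func NewSalt() ([]byte, error) {
	salt := make([]byte, 16)
	_, err := rand.Read(salt)
	return salt, err
}

// WordTable hashes every word once, hash -> word. This is the "every word in a dictionary
// through a hash function" step, done here by the defender to measure exposure.
func WordTable(words []string) map[string]string {
	table := make(map[string]string, len(words))
	for _, w := range words {
		table[HashUnsalted(w)] = w
	}
	return table
}

// Recoverable returns the users whose stored hash appears in the precomputed table.
func Recoverable(stored, table map[string]string) []string {
	var hit []string
	for user, h := range stored {
		if _, ok := table[h]; ok {
			hit = append(hit, user)
		}
	}
	return hit
}

// Scenario compares the two schemes on a constructed user list and word list. It returns how
// many accounts the table recovers under each scheme and whether two users with the same
// password end up with distinct salted hashes.
func Scenario() (unsaltedHits, saltedHits int, saltedDiffer bool, err error) {
	users := map[string]string{"alice": "123456", "bob": "123456", "carol": "serendipitously", "dave": "nowisthetimeforallgoodmen"}
	words := []string{"password", "123456", "letmein", "qwerty", "serendipitously"}
	table := WordTable(words)

	unsalted := map[string]string{}
	for u, pw := range users {
		unsalted[u] = HashUnsalted(pw)
	}
	unsaltedHits = len(Recoverable(unsalted, table))

	salted := map[string]string{}
	for u, pw := range users {
		salt, e := NewSalt()
		if e != nil {
			return 0, 0, false, e
		}
		salted[u] = HashSalted(salt, pw)
	}
	saltedHits = len(Recoverable(salted, table))
	saltedDiffer = salted["alice"] != salted["bob"]
	return
}

func main() {
	u, s, differ, err := Scenario()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("unsalted: %d of 4 accounts recovered from the table; salted: %d; same-password users differ: %v\n", u, s, differ)
}
```

With the unsalted store, three of the four accounts fall to a five-word list, and alice and bob are visibly the same password before any word is tried. With salts, the table built once is useless and each account would have to be worked on its own, which is exactly the cost a slow hash is there to multiply.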
The lack of any standard over authentication to systems is baffling.
We know there is no standard because everybody+dog seems to have rolled their own idea.
Don't believe me? How many times have you had to adjust your password generator because of people's different ideas of password complexity?
And don't get me started on secure storage - I am still getting passwords emailed to me in the clear.
"I am still getting passwords emailed to me in the clear"
Slightly better: SMS/text in clear.
Getting otherwise cluey people to generate an ssh key pair and send the public key is usually a bridge too far.
The classic fail for me was receiving the QR code for the TOTP seed in clear in the sender's foolishly mistaken belief it was encrypted.
Getting otherwise cluey people to generate an ssh key pair and send the public key is usually a bridge too far.
Oh yes. I worked as a development manager for a software house in 2008 and wanted to secure emails since they contained customer data.
None of the "IT Managers" I spoke to had the faintest clue how to set it up in Exchange.
The far superior—who doesn't come here for the snark?
I had to look up skibidis – not that I am much wiser—I'll probably stick with my first impression and stay with spinsterish old ducks on skis (ski + bidis/biddies.)
Curiously, I understand that pre-WW2 some strata of English society pronounced "ski" as "she" in the possibly mistaken belief that this was how it was pronounced in whatever Nordic language it was half-inched from. They were a pretty ignorant and clueless lot on the whole; probably still are.
So she-biddies works out rather serendipitously.
The problem with using long words like "serendipitously" for passwords is I forget how to spell them correctly, or otherwise, the same way. ;)
"Curiously, I understand that pre-WW2 some strata of English society pronounced "ski" as "she" in the possibly mistaken belief that this was how it was pronounced in whatever Nordic language it was half-inched from."
Actually, in Austrian- and Swiss-German, ski is written as "schi" and pronounced "shee". As many of the ski-instructors of that era were Austrian or Swiss, the adopted pronunciation is not so far-fetched.
Yes, the future of the human race is assured.
We've all but forgotten...
And we put men on the moon over 55 years ago, and are still struggling to put a woman up there - guess the need to bring her back safely does add extra complexity!
All hail our forthcoming AI overlords and the esteemed zoomer AI whisperers.
Or indeed one who doesn't ask why she can't just wear an exoskeleton and control a robot agent. It's only two and a half seconds of latency to get used to. How hard can it be?
Also, if you replace the life support system with recharging hardware, you probably have a near-infinite duration of stay and can allow different experts to all have a go.
Sending people into space? Only an egomaniac sociopath would want to do that.
Equally true of millennials too. All the difficult stuff was abstracted before they started their tech journey.
The percentage of millennials that understand the below basic concepts is almost certainly below those of previous generations:
Fetch execute cycles
OSI models
Threading
Memory management
Compiler design
I mean, it's far from unusual for techies in Gen X to know how to build a rudimentary CPU from rebar and copper cable, or to be able to write a compiler for a language they designed.
Being able to work an iPad is not digitally native.
For many of us (myself included) the first exposure to a PC as we know it would have been the IBM AT and XT, followed by Compaq 286s and 386s.
In those days nobody at $work had a clue how they worked inside but boy was it fun learning all about it
I am a curious person who wants to know what's going on under the hood and grew up in the 1970s learning electronics as a hobby and understanding electrons, holes, depleted zones and all that stuff.
These days (and it has been this way for quite a while now) it is just a black box you plug together
At least with PICs I can still explore and learn stuff for fun in my retirement... finally cracked how a CLC works in one.
Total proportion of each generation.
I know precisely zero millennial or gen z that actually know the stuff on my fairly rudimentary list. They've never understood the list because it's all been abstracted for them, and their idea of understanding technology is, essentially, just as a user, not a producer.
In a nutshell, they're not digital natives. They're users. Social media natives I might give them, but that's about all.
We old people like me started with printers that mostly had Centronics interfaces, so setup was just a matter of plugging the printer in. Even when printers became more versatile setup was still easy. The problems started when code bloat met ongoing revenue stream generation and fused with badly thought out wireless interfaces. We're mostly through this now so printer setup is easy (give or take a Windows driver or two for those of us still using Windows).
We don't print a whole lot so have long ditched the ink jets for laser. Even a cheap laser printer will sit switched off for months and then instantly be available when you need it (try doing that with an ink jet...).
FWIW -- My personal password storage is a repurposed Rolodex. I don't store important passwords on computers and especially not on my phone.
I beg to differ - my experience was that the problems started when you wanted to print anything other than US ASCII, or (god forbid) graphics. Text mode charsets were difficult enough, but raster graphics on a dot-matrix...EEK!
Well, yeah... what thinking person considers storing passwords on an insecure device like a "smart" phone, let alone using it for touchy things like banking?
As for printers, in the Linux world at least, where Apple's CUPS or HP's hplip tools (both proprietary, ironically) are used, in recent years printer setup has become more difficult. My (admittedly old) Brother colour laser printer has stopped talking to my computer since the last several upgrades; I can access its web interface, but it never sees files that are sent to it (which is now a common complaint).
I've always been a bit curious if they are properly weighting these passwords.
The password for my account on "The Register" is stupid and simple. It is also the same one I use everywhere. The account for my bank is 32 characters long and unique.
I probably use my stupid simple password on 200ish sites. On every single one, it is a site that requires a password but one where I absolutely do not care if someone hacks me. It just doesn't matter. I'd be much more interested if 12345 was a popular password for Gen Zoomer on their bank accounts; I'm betting it's more common on things like TikTok.
Just for a laugh thought I would do a random check on a "secure password checker" assuming that some people might do this
according to https://www.security.org/how-secure-is-my-password/
12345 can be hacked immediately
1234512345 can be hacked in 200ms
123451234512345 can be hacked in 6 hours
12345123451234512345 can be hacked in 79 years
1234512345123451234512345 can be hacked in 7 million years
12E45 can be hacked in 1ms
12E4512E45 can be hacked in 1 day
12E4512E4512E45 can be hacked in 100,000 years
12E4512E4512E4512E45 can be hacked in 10 trillion years
12E4512E4512E4512E4512E45 can be hacked in 6 hundred quintillion years
12!12 can be hacked in 200ms
12!1212!12 can be hacked in 39 minutes
12!1212!1212!12 can be hacked in 700 years
12!1212!1212!12 can be hacked in 7 billion years
12!1212!1212!1212!1212!12 can be hacked in 70 quadrillion years
nowisthetime can be hacked in 3 weeks
nowisthetimeforallgoodmen can be hacked in 100 quadrillion years
according to https://checkmypassword.com.au/
12345 can be hacked by AI instantly
1234512345 can be hacked by AI instantly
123451234512345 can be hacked by AI in 5 hours
12345123451234512345 can be hacked by AI in 1 year
1234512345123451234512345 can be hacked by AI in 1 year
12E45 can be hacked by AI instantly
12E4512E45 can be hacked by AI in 6 months
12E4512E4512E45 can be hacked by AI in 613 million years
12E4512E4512E4512E45 can be hacked by AI in 106 trillion years
12E4512E4512E4512E4512E45 can be hacked by AI in 368 trillion years
12!12 can be hacked by AI instantly
12!1212!12 can be hacked by AI in 5 years
12!1212!1212!12 can be hacked by AI in 14 billion years
12!1212!1212!1212!12 can be hacked by AI in 9 quadrillion years
12!1212!1212!1212!1212!12 can be hacked by AI in 27 quadrillion years
nowisthetime can be hacked by AI in 3 weeks
nowisthetimeforallgoodmen can be hacked by AI in 42 million years
Make of this what you will - I had a laugh