The use of weak and insecure passwords remains a key security vulnerability for every country in the world, say researchers.
A report from Cambridge University Computer Laboratory has found that users continue to utilise easily guessed passwords, with young users particularly careless with their password selection.
Utilising data collected from past data breaches and mass account thefts including a 2009 breach at Yahoo, researcher Joseph Bonneau noted that bad behaviour exists in every region on the web, and users are continuing to pick weak passwords for high-value accounts.
While certain countries such as Germany and Korea have been found to have slightly lower rates of vulnerable passwords, Bonneau noted that trends held up overall.
"The most troubling finding of our study is how little password distributions seem to vary, with all populations of users we were able to isolate producing similar skewed distributions with effective security varying by no more than a few bits," the researcher explained.
"Factors increasing security motivation like registering a payment card only seem to nudge users away from the weakest passwords, and a limited natural experiment on actively encouraging stronger passwords seems to have made little difference."
Overall, the report found that password security improved as users aged. Users between the ages of 13 and 24 were more likely to use insecure passwords than any other age group.
Bonneau also noted that users who change their passwords more often are more likely to use better judgement when selecting strong passwords.
Additionally, the report noted that an attacker can theoretically improve the chances of an account theft by optimising password dictionaries for specific countries and genders.
"Passwords have been argued to be 'secure enough' for the web with users rationally choosing weak passwords for accounts of little importance, but these results may undermine this explanation as user choice does not vary greatly with changing security concerns as would be expected if weak passwords arose primarily due to user apathy," Bonneau explained.
"This may indicate an underlying problem with passwords that users aren’t willing or able to manage how difficult their passwords are to guess."