When it comes to password hygiene, Gen Z flunk the test.

How are your hygiene practices? Do you make sure never to reuse passwords, to keep them unique and to strip them of any identifying information? If you’re part of Generation Z, born between the mid to late 1990s and early 2010s, the answer to all three questions is more likely to be yes than any other generation.

A new survey of 1,000 Americans by Beyond Identify tried to identify how people come up with passwords, keep them safe, and reuse and change them depending on their cybersecurity fears. The results across the board were relatively depressing – but particularly so for the youngest generation of adults.

Three in four people claim they’ve had at least one password breached – but haven’t necessarily done anything about it.

That may be in part because nearly half of those surveyed said they’re likely, either very or extremely, to reuse passwords across multiple different accounts. Generation Z are the most likely to readily admit to repeated reuse of passwords, with one in four repeatedly doing so.

Recycle and revive passwords

The youngest generations are also those most likely to say that they don’t update their passwords in an attempt to keep their data safe. An alarming one in five of all people update their password just once a year, with those born in the late 1990s or early 2000s 10 percentage points more likely to be lazy in changing their login details.

In comparison, “Baby boomers and older generations were the most responsible across the ages, with over a quarter of respondents reporting that they were not at all likely to reuse a password,” said Beyond Identity.

Most survey respondents claimed their passwords were stored in nothing more fancy than their memory.

At the same time, a further 40% said they use a password manager app on their phone or device. However, more than 20% of people still write out their passwords on paper, in computer documents, and through phone notes, despite years of being told not to. “When it comes to a password breach, where you store your password isn’t going to save you,” warns Beyond Identity. “These types of compromises are usually by breaching institutional-level databases where records are stored.”

Facebook passwords are most secure

There are interesting wrinkles in the way people treat the sanctity of their different passwords. Around 40% of survey respondents said Facebook was their most secure social media password – a detail Beyond Identity attributes may be because many people use Facebook to log in to multiple sites and apps across the world wide web.

But because of its wide use, Facebook was also most likely to be listed as having the least secure password. The way that people come up with their passwords is interesting when it comes to generational gaps.

“The majority of baby boomer and Gen Z respondents reported relying on randomly generating their own passwords, whereas Gen Xers and millennials seemed to rely on both randomly generating it themselves and using a personal system for creating new codes,” says Beyond Identity.

Most alarmingly, people are more than happy to share their password with others. Two-thirds are happy to share their password with their spouse, 57% with their significant other, and 43% would happily tell their parents what their password is. Bizarrely, one in four users would give up their login details to a roommate or co-worker – regardless of the potential ramifications that may entail.