What Do We Know about Student Security Hygiene?

min read

This blog posting is adapted from the 2015 EDUCAUSE Center for Research and Analysis (ECAR) Study of Undergraduate Students and Information Technology.

Since 2004, ECAR has investigated the technologies that matter most to undergraduate students. In 2015, the "Student Study" was sent to approximately 970,000 students at 161 institutions, yielding 50,274 responses across 11 countries and 43 U.S. states. The 2015 study found that students own more Internet-capable devices than ever, with smartphone ownership exceeding laptop ownership for the first time. As technology and technology tools are embedded into students' lives, understanding students' privacy expectations and information security practices is crucial.

Millennials are often maligned for not thinking about data privacy. A 2015 study by the American Press Institute showed that 34% of Millennials (those under age 35) didn't worry at all about their personal information being available online, and only 46% worried a little. That same study found that when Millennials do worry about privacy, they worry most about identity theft.1

Our research shows that worrying about identity theft is not entirely unfounded. Twenty-one percent of respondents have had an online account hacked, and 14% have had a computer, tablet, or smartphone stolen. Identity theft commonly results from hijacked online accounts and stolen computing devices, and the sensitive information they hold.2

Most students practice good information security hygiene (see figure below). They secure access to their computing devices with passwords and PINs, and they use strong passwords with a combination of alpha, numeric, and symbol characters (both 86%). They rarely share passwords and PINs for their online accounts (17%). In addition, less than a third of students have shared the passwords or PINs for their computing devices (30%). Students who have shared a password or PIN for a computer, tablet, or smartphone in the past 12 months are more likely to have had an account hacked than students who haven't (29% versus 18%).

Image 1 - Good Information Security Hygiene Graph

Learn more about what students and faculty think of IT by visiting the 2015 Student and Faculty Technology Studies research hub.


  1. American Press Institute, "Digital Lives of Millennials," March 16, 2015.
  2. Federal Trade Commission’s website, IdentityTheft.gov, "When Information Is Lost or Exposed."

Joanna L. Grama is Director of Cybersecurity and IT GRC Programs for EDUCAUSE.

© 2016 Joanna L. Grama. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.