Using the same password for a bunch of different accounts, skipping two-step authentication when it’s available, and other risky online behavior is especially common among Millennials—even, previous research shows, if they’re trained techies who you’d think would know better.

The proliferation of cloud-based apps, which make it harder for tech departments to keep an eye on where company data may be vulnerable, isn’t helping. The Softchoice report says employees of all ages who use cloud-based apps are four times more likely to access work files outside the office through a program IT doesn’t know about than those who don’t.

Not all employees are equally risky, the study notes. “Younger app users are more likely to go rogue than their more senior colleagues,” it says. More than one in three Millennials, and almost as many Gen Xers, work remotely using apps (most often Dropbox or Google Docs) without first getting the IT department’s OK. That compares with 22% of Boomers.

Some Millennials also take a devil-may-care approach to passwords. About 30% “display their app passwords on Post-It notes or somewhere else in plain sight” at work, compared to 20% of Gen Xers and just 11% of Boomers.

More training might help, since Softchoice found that many employees are simply unaware of the risks of their careless technology habits. Over 40% of workers in all age groups say they’ve never been told how to securely move and store private company data, and 39% “have not been told the risks of downloading cloud apps without IT’s knowledge.”

Beyond that, people’s reasons for going their own way in the cloud vary by age. Asked why they were using cloud-based apps the IT department hadn’t approved, most Millennials and Gen Xers said that “IT is too slow to approve their choice,” the report says. Boomers, on the other hand, most often said they “didn’t know they had to notify IT at all.”