A field study conducted in Ankara reveals that more than 85% of students are unable to create secure passwords, underscoring growing vulnerabilities among children navigating digital environments.

The research, carried out by the Secure Digital World Association, involved 1,000 students aged 8 to 13 and found a clear gap between perceived and actual digital security awareness.

While most participants claimed they could create strong passwords, behavioral testing showed that 852 students failed to do so in real-time simulated environments.

As part of the "Secure Digital World School Stations Project,” the study applied an experience-based learning model that enables students to engage directly with digital risks rather than relying solely on theoretical instruction. Through gamified simulations, participants encountered scenarios involving social engineering, online fraud and manipulation techniques.

The simulation-based training environment recreated real-world cyber threats in a controlled setting, allowing students to develop practical responses while researchers assessed decision-making processes and behavioral reflexes in real time.

Experts involved in the study pointed to a clear disconnect between cognitive awareness and actual behavior, noting that theoretical knowledge often fails to translate into safe digital practices among children.

Cybersecurity expert Ayça Kurtuluş said the findings reveal a clear disconnect between cognitive awareness and actual behavior, noting that theoretical knowledge often fails to translate into safe digital practices among children.

Additional findings show that 927 out of 1,000 students experienced vulnerabilities linked to QR code-based attacks, known as "quishing,” while 60 students made critical errors in phishing scenarios. These results underscore how routine digital interactions can expose children to serious risks.

The findings indicate that children remain highly vulnerable in digital environments and highlight the need for more applied, skills-based cybersecurity education.

Kurtuluş said parents play a key role in strengthening children’s digital safety and recommended more structured and proactive involvement.

Rather than offering general advice, families are encouraged to develop password strategies together, such as creating phrase-based passwords converted into acronyms and reinforced with symbols to improve both security and memorability.

Parents are also advised to dedicate at least 10 minutes each week to practicing digital safety scenarios with their children, including identifying fake accounts, distinguishing between legitimate and fraudulent websites and responding to suspicious communications.

Encouraging children to assess unknown contacts through simple checks such as identity verification, family awareness and potential risk evaluation is also highlighted as a critical habit.

The study concludes that without active parental engagement, children remain largely unprotected in the digital environments they increasingly navigate, making practical cybersecurity education an urgent priority.