With limited access to bank and credit union branches during the coronavirus pandemic, customers have turned to online and mobile banking tools. But a new study shows that consumers have not done enough to prevent fraud on their accounts.

FICO found in its consumer digital banking study that a large percentage of U.S. survey respondents did not take necessary steps to protect their passwords and logins online. The study examined steps taken by U.S. residents to protect financial information online and also looked at attitudes toward increased digital services and alternative security options, such as behavioral biometrics.

The study found that only 42 percent of respondents use separate passwords to access multiple accounts, while 17 percent of respondents reuse between two to five passwords across accounts. Another 4 percent use a single password across all accounts.

Less than a quarter (23 percent) of respondents use an encrypted password manager, which FICO said is considered a best practice. Another 30 percent use high risk strategies, such as writing passwords in a notebook.

“We’re seeing more cyber criminals targeting consumers with COVID-19 related phishing and social engineering,” Liz Lasher, vice president of fraud portfolio marketing at FICO, said in a statement. “Because of the current situation, many consumers are only able to access their finances digitally, so it’s vital to remain vigilant against such scams and take the right precautions to protect themselves digitally.”

The study showed that some consumers struggle with maintaining their current passwords, with 28 percent reporting that they abandoned an online purchase because they forgot login information, and 26 percent said they could not check an account balance. Forgotten usernames and passwords prevented 13 percent of respondents from opening a new account with an existing provider.

Consumers are still willing to do business digitally, according to FICO. The study found that the majority of respondents would open a checking (52 percent) or mobile phone (64 percent) account online, while 82 percent said they would open a credit card account online.

Even though more consumers could take steps to protect login credentials, Americans have become more trusting of using physical and behavioral biometrics to secure their financial accounts, according to the study.

The survey found that 78 percent of respondents would be happy to have their bank analyze behavioral biometrics – such as how a person types – for security, and 65 percent would be happy to provide biometrics to their bank. A majority of respondents (60 percent) said they would be open to using fingerprint scans to secure their accounts.

When logging into their mobile banking apps, survey respondents reported that they would consider alternative security measures beyond the traditional username and password. The five most widely used security alternatives are one-time passcode via SMS (53 percent), one-time passcode via email (43 percent), fingerprint scan (39 percent), facial scan (24 percent) and one-time passcode delivered and spoken to mobile phone (23 percent).

“There are no magic bullets, and the ability to layer and deploy multiple authentication methods appropriate to each occasion is key,” Lasher said. “Financial services organizations and consumers need to continue to keep security best practices top of mind to help combat fraudsters now and in the future.”