Almost half of U.S. consumers use one to five passwords to access all of their online applications, a survey by The Hartford Steam Boiler Inspection and Insurance Company (HSB), has found, indicating many people use the same password for different accounts.

As for how Americans store the passcodes they need to access a growing number of banking, retail, social media and business applications, it’s much more likely they will use a sticky note than a secured password management app, the study concludes.

“The survey also shows one out of three consumers was hacked in the past,” said Timothy Zeilman, vice president for HSB, a leading provider of cyber insurance and services. “That rate should be falling faster and part of the problem is carelessness with passwords and personal security.”

Think of all the online accounts and applications that require a user name and password.

Yet, the survey, conducted for HSB by Zogby Analytics, showed 44 percent of consumers use only one to five passwords and 23 percent use six to ten passwords. That suggests they probably reuse the same password for multiple accounts, a threat to security, Zeilman said.

Another 11 percent used 11 to 20 passwords; nine percent used 21 to 50 passwords and four percent used more than 50 passwords. One percent of respondents said they don’t use any password and others didn’t know or weren’t sure.

When asked how they store their passwords, only 16 percent said they used a password organizer app. Many people stored passwords as notes on their smartphones, in computer documents, notebooks and planners, on slips of paper, or saved in emails they send to themselves.

One respondent said she kept her passwords on recipe cards and a business owner said, “The ‘universal’ passwords that are used by everyone in my company are written down” for anyone to view.

Instead, passwords should be strong and stored in a secure or encrypted location. Better yet, use passphrases, choosing random common words that don’t occur together in everyday speech, Zeilman said.

The HSB consumer survey also found that 32 percent of consumers had experienced a cyber attack in the previous 12 months, down from 37 percent in a similar HSB survey released in 2016.

The most common type of damage (81 percent) was a computer virus or other type of unwanted software, up from 69 percent in the previous survey.