Kaspersky warns 68% of leaked passwords can be cracked within a day
Kaspersky is sounding the alarm on modern password security after analyzing 231 million leaked passwords from 2023 to 2026, revealing that 68% can be cracked within a single day.
Released in observance of World Password Day, the study found that despite growing awareness around password security, many users continue to rely on predictable patterns that leave accounts highly vulnerable to brute force and AI-powered cyberattacks.
The cybersecurity firm discovered that most compromised passwords still begin or end with digits, use common symbols, or contain familiar words and internet trends, significantly weakening their effectiveness.
Common patterns weaken security
According to Kaspersky, 53% of analyzed passwords end with numbers, while 17% begin with digits. Nearly 12% include date-like sequences, and millions still rely on simple combinations such as “1234” or “qwerty.”
“Bruteforce works by systematically trying every possible character combination until the correct password is found. When attackers already know which characters users tend to favor, the time required to crack a password drops dramatically,” said Alexey Antonov, Data Science Team Lead at Kaspersky.
The report also highlighted widespread use of emotional or trending words, with “Skibidi” seeing a 36-fold increase in password use during the analyzed period. Positive words such as “love,” “magic,” “angel,” and “star” remain common, though security experts warn that predictable language patterns make passwords easier targets.
“Using a single-word password, even with a trailing number or a special character, is a weak choice,” Antonov added.
Stronger passwords require unpredictability
While password length remains important, Kaspersky noted that even 15-character passwords can be cracked in under a minute if they follow common patterns, especially when attackers use advanced AI-driven tools and multiple GPUs.
The company now recommends passwords that exceed 16 characters, incorporate random symbols, numbers, and letters, and avoid recognizable words or sequences. Kaspersky also strongly encourages the use of password managers and two-factor authentication to further strengthen online security.
To support safer digital habits, Kaspersky has expanded its password generation tools, allowing users to create stronger credentials while managing them securely across devices.
