On the occasion of World Password Day, Kaspersky released the results of a large-scale analysis covering 231 million unique passwords leaked in major data breaches between 2023 and 2026.
The findings highlight serious weaknesses in how users create passwords, with researchers revealing that 68% of modern passwords can be cracked within just one day. In many cases, passwords can be compromised in less than an hour using AI-powered brute-force attacks.
Predictable Numbers and Symbols Increase Vulnerability
According to the report, most users still rely on highly predictable password patterns, making accounts easier for cybercriminals to breach.
Key findings included:
- 53% of passwords end with numbers.
- 17% begin with numbers.
- Around 12% contain date-like number sequences between 1950 and 2030.
- 3% include keyboard patterns such as “qwerty” or “1234”.
The study also showed that the “@” symbol remains the most commonly used special character in leaked passwords, appearing in roughly 10% of cases, followed by “.” and “!”.
Cybersecurity experts warn that placing numbers or symbols only at the beginning or end of a password significantly weakens security because attackers specifically target these common habits using advanced cracking algorithms.
AI Is Accelerating Password Cracking
Alexey Antonov, Head of Data Science at Kaspersky, explained that artificial intelligence has fundamentally changed password security standards.
He noted that passwords shorter than eight characters can typically be cracked in under 24 hours. Even more concerning, AI-assisted tools can crack over 20% of 15-character passwords in less than one minute when they follow predictable patterns.
Antonov added that attackers no longer rely solely on random guessing. Instead, they use massive datasets and machine learning models to identify common user behaviors, symbols, and number combinations.
Trendy and Positive Words Dominate Password Choices
The research also highlighted how internet culture and emotional language influence password creation.
Between 2023 and 2026, the use of the word “Skibidi” in passwords increased 36-fold, driven by the viral popularity of related online content.
Researchers also found that positive words are significantly more common in passwords than negative ones. Frequently used examples include:
- star
- angel
- friend
- love
- magic
- team
Negative words such as “devil” and “nightmare” appeared far less frequently.
Experts emphasized that relying on a single word, even when combined with numbers or symbols, is no longer considered secure in today’s cybersecurity landscape.
How to Create Stronger Passwords
Kaspersky experts shared several practical recommendations for improving password security:
- Use passwords longer than 16 characters.
- Combine random letters, numbers, and symbols.
- Avoid common sequences such as “1234”.
- Do not use trending words or personal names.
- Create a unique password for every account.
- Enable two-factor authentication (2FA) whenever possible.
The company also recommends using password managers to generate and securely store complex passwords in encrypted digital vaults across multiple devices.
Traditional Password Habits Are Becoming Riskier
The report reflects growing cybersecurity challenges as AI-powered attack tools continue to evolve rapidly.
Traditional passwords based on predictable patterns or familiar words are now considered a major security weakness, pushing cybersecurity companies to encourage stronger authentication methods such as passkeys and multi-factor authentication for better digital protection.