ISLAMABAD: A new cybersecurity analysis has found that a significant majority of commonly used passwords remain highly insecure, with 68 per cent of modern passwords able to be cracked within just 24 hours, according to a report by cybersecurity firm Kaspersky.
The findings are based on an examination of 231 million unique passwords that were leaked between 2023 and 2026.
The study highlights widespread weaknesses in user password habits and increasing risks posed by both traditional brute-force techniques and newer AI-assisted cracking methods.
🚨 48% of leaked passwords can now be cracked in under a minute.
Our latest analysis of 231M real-world passwords shows most people still rely on predictable patterns like:
🔹 “1234”
🔹 birth years
🔹 reused passwordsMeanwhile, GPU-powered cracking keeps getting faster.
How… pic.twitter.com/FMcCHWOdOo
— Kaspersky (@kaspersky) May 11, 2026
One of the key observations is that most compromised passwords follow predictable structures.
A large proportion either start or end with numbers – a habit that significantly reduces security and makes them easier for attackers to guess.
Specifically, 53 per cent of analysed passwords were found to end with digits, while 17 per cent began with numbers.
The report also noted that about 12 per cent of passwords contained number sequences resembling dates, typically ranging from 1950 to 2030.
In addition, around 3 per cent included obvious keyboard patterns such as “qwerty” or its reverse, while simple numeric sequences like “1234” remained among the most frequently used combinations.
Symbol usage also showed heavy repetition of predictable choices. Among passwords containing a single special character, the “@” symbol appeared in around 10 per cent of cases, making it the most commonly used symbol. The dot “.” followed, appearing in approximately 3 per cent of passwords.
Researchers further observed that users often rely on emotionally positive or culturally trending words when creating passwords.
Terms such as “love”, “magic”, “friend”, “team”, “angel”, “star”, and “eden” were frequently identified in leaked credentials.
Interestingly, even internet-driven trends are influencing password choices, with the word “Skibidi” reportedly increasing 36-fold in recent years.
Kaspersky’s analysis also highlights a growing gap between password policy requirements and actual security outcomes.
Although many online services now require passwords of at least 10 characters, including uppercase letters, numbers, and symbols, the report warns that such rules alone do not guarantee protection if predictable patterns are used.
The report cautions that brute-force attacks – which attempt every possible character combination – become significantly more effective when attackers can anticipate user behaviour.
Once common patterns such as digits at the end or familiar word lists are identified, cracking time drops dramatically.
Cybersecurity expert Alexey Antonov, Data Science Team Lead at Kaspersky, explained that attackers increasingly benefit from users’ predictable habits.
He noted that reliance on familiar symbols, sequences, or dates placed at obvious positions such as the start or end of passwords makes them far easier to break.
He advised that users should avoid predictable patterns and instead rely on password managers or dedicated generators that produce fully random combinations of letters, numbers, and symbols, ensuring equal unpredictability across all characters.
The study further found that password length plays a critical role in security. Short passwords of up to eight characters are typically cracked in less than a day using brute-force methods.
However, even longer passwords are not immune; the report warns that with the help of AI-powered algorithms, more than 20 per cent of 15-character passwords can now be broken in under a minute.
Overall, the findings underline a growing concern in digital security: despite increased awareness and stricter password requirements, user behaviour continues to leave systems exposed to increasingly sophisticated cracking techniques.
