68% of Modern Passwords Cracked Within 24 Hours, Report Finds

On World Password Day, May 7, 2026, a fresh analysis from Kaspersky paints a grim picture of digital security. Examining 231 million unique passwords leaked between 2023 and 2026, the study found that 68% of modern passwords can be cracked within a single day, highlighting a persistent reliance on weak, predictable patterns despite growing security awareness.

The report shows that most compromised passwords either begin or end with digits—a common trait that makes them highly susceptible to brute-force and guessing attacks. A surprising finding was the sharp rise in passwords tied to internet trends, such as “Skibidi,” which saw a 36-fold increase in usage over the past two years.

Common Weak Patterns Exposed

Security experts detailed recurring patterns in weak passwords uncovered by the analysis:

• 53% of passwords end with numbers.
• 17% begin with numbers.
• 12% contain predictable dates or time sequences.
• 3% rely on keyboard sequences like “1234” or “qwerty.”

Simple symbols such as “@” and “!” remain common, but they offer little protection when embedded in easily guessed patterns.

Why These Passwords Are Vulnerable

According to Kaspersky experts, brute-force attacks work by rapidly testing millions of possibilities. With prior knowledge of user habits, cracking becomes far faster. They emphasize that single-word passwords or repetitive patterns can be broken in minutes or even seconds.

Solutions: Longer, More Random Passwords

Security professionals recommend using passphrases—multiple unrelated words combined with symbols and numbers in unpredictable ways—rather than short or traditional passwords. Key advice includes:

• Use fully random passwords.
• Avoid dates and common words.
• Enable two-factor authentication (2FA).
• Use a trusted password manager.

Length Alone No Longer Enough

While longer passwords are often thought to be safer, advances in artificial intelligence now allow some lengthy passwords to be cracked if they follow predictable patterns. Data shows that passwords under 8 characters can be broken in under 24 hours, while over 20% of passwords up to 15 characters can be cracked in less than a minute if they lack randomness.

As hacking tools and AI evolve, meeting traditional password rules is no longer sufficient. A complete rethink of how passwords are created is essential to protect personal data and digital accounts.