
Compromised Passwords Report Exposes Powerful Security Gaps

Compromised passwords remain a growing global threat as new research reveals how repeatedly reused credentials continue to fuel security breaches. Kaspersky’s analysis underscores widespread weaknesses in password behaviour and the urgent need for stronger authentication solutions.


Kaspersky finds compromised passwords reused for years despite rising cyber risks


Kaspersky’s latest findings draw attention to a critical cybersecurity gap, showing that compromised passwords continue to circulate across the internet for years without being updated. The company’s research, spanning leak datasets from 2023 to 2025, highlights pervasive patterns in how people create and manage passwords, demonstrating that many users still rely on predictable structures that expose them to significant risk. Although password-based authentication remains common, its declining reliability is evident as human habits shape patterns that attackers can exploit with increasing ease.

The research identifies an alarming level of predictability in user-created passwords. Many individuals incorporate basic number sequences, personal identifiers, or references to familiar terms when constructing credentials. Kaspersky’s data shows that 10 percent of the passwords examined contained a date-like number ranging from 1990 to 2025, while 0.5 percent ended with the digits 2024, meaning roughly every 200th leaked password followed this pattern. These predictable combinations sharply reduce the number of guesses an attacker needs, so brute-force attacks succeed in shorter timeframes. The widespread use of simplistic combinations such as “12345,” as well as common words like “love,” names, and even country names, gives attackers easy opportunities to infiltrate accounts.
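The patterns named above can be screened for when a user sets a password. The following is an added example, not code from Kaspersky or from the report; the function names, finding labels and the short word list are assumptions made for illustration.

```javascript
// Added example: screen a candidate password for the patterns the report names.
// 'love' comes from the article; the name and country entries are constructed samples.
const WORDLIST = ['love', 'maria', 'india'];

// True if s contains minLen or more consecutive ascending or descending
// letters or digits, e.g. "12345", "abcd" or "4321".
function hasSequence(s, minLen = 4) {
  let up = 1, down = 1;
  for (let i = 1; i < s.length; i++) {
    const alnum = /^[a-z0-9]{2}$/.test(s.slice(i - 1, i + 1));
    const step = s.charCodeAt(i) - s.charCodeAt(i - 1);
    up = alnum && step === 1 ? up + 1 : 1;
    down = alnum && step === -1 ? down + 1 : 1;
    if (up >= minLen || down >= minLen) return true;
  }
  return false;
}

// Returns the list of weak patterns found; an empty list means none matched.
function screenPassword(password) {
  const p = password.toLowerCase();
  const findings = [];
  // Any four-digit run that reads as a year between 1990 and 2025.
  if (/199\d|20[01]\d|202[0-5]/.test(p)) findings.push('year-1990-2025');
  if (p.endsWith('2024')) findings.push('ends-with-2024');
  if (hasSequence(p)) findings.push('sequence');
  if (WORDLIST.some((w) => p.includes(w))) findings.push('common-word');
  return findings;
}

// Constructed sample inputs.
for (const pw of ['Maria2024', '12345', 'iloveyou1995!', 'x7#Qv!pL9z@Tr']) {
  console.log(pw, '->', screenPassword(pw).join(', ') || 'no listed pattern');
}
```

An empty result only means none of these specific patterns were found; it says nothing about whether the password has already appeared in a leak.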

Another troubling trend is password age and stagnation. According to the study, 54 percent of leaked passwords in 2025 had already appeared in previous breaches, pointing to repeated credential reuse. With an average lifespan of 3.5 to 4 years, many credentials remain unchanged long after they have been compromised. This prolonged vulnerability allows cybercriminals to exploit the same information repeatedly, often across multiple platforms, magnifying the scale of potential breaches. Kaspersky stresses that inadequate protocols for creating, managing and storing passwords continue to weaken security ecosystems worldwide.

These findings intensify calls for a shift away from traditional password models toward more resilient authentication methods. Next-generation solutions such as Passkeys have gained traction due to their ability to circumvent the human weaknesses often embedded in password habits. Passkeys rely on cryptographic keys and device-level biometrics, eliminating exposure to common attack vectors such as phishing, credential harvesting and large-scale database leaks. A passkey is generated for a specific account on a specific platform, stored locally on a user’s device or within a password manager, and verified without transmitting sensitive information that could be intercepted.

The authentication process using Passkeys offers a significant uplift in both security and convenience. When a user registers on a supported platform, the device creates a private key while the public key is shared with the service. The private key remains stored on the user’s device, ensuring that attackers cannot retrieve it through external breaches. Historically, this model complicated cross-device access, but new capabilities — particularly within updated password managers — now enable secure synchronization across multiple devices, preserving both usability and strong protection.
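The registration and login exchange described above can be modelled in a few lines. This is an added example, not Kaspersky's code and not a WebAuthn implementation: the `Device` and `Service` classes, the Ed25519 key type and the origins are assumptions, and it runs on Node.js with the built-in `crypto` module.

```javascript
// Simplified model of the passkey flow (added example). Real WebAuthn also
// carries authenticator data, signature counters and attestation.
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

// What gets signed: the challenge bound to the origin it was issued for.
const payload = (origin, challenge) => Buffer.concat([Buffer.from(origin), challenge]);

class Device {                       // hypothetical authenticator / password manager
  constructor() { this.keys = new Map(); }   // origin -> private key, never exported
  register(origin) {
    const { publicKey, privateKey } = generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this leaves the device
  }
  signChallenge(origin, challenge) {
    const key = this.keys.get(origin);
    return key ? sign(null, payload(origin, challenge), key) : null; // unknown origin: refuse
  }
}

class Service {                      // hypothetical service the user logs in to
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, pem) { this.publicKeys.set(user, pem); }
  newChallenge(user) {
    const c = randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  login(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user);       // each challenge is single use, so a replay fails
    const pem = this.publicKeys.get(user);
    if (!challenge || !pem || !signature) return false;
    return verify(null, payload(this.origin, challenge), pem, signature);
  }
}

function passkeyDemo() {
  const device = new Device();
  const site = new Service('https://shop.example');        // constructed origin
  site.enroll('alice', device.register(site.origin));
  const sig = device.signChallenge(site.origin, site.newChallenge('alice'));
  const genuine = site.login('alice', sig);
  const replayed = site.login('alice', sig);                // no pending challenge left
  const lookalike = device.signChallenge('https://shop-example.test', site.newChallenge('alice'));
  const phished = site.login('alice', lookalike);           // device had no key for that origin
  const leakedDb = [...site.publicKeys.values()].join('');  // what a database breach yields
  return { genuine, replayed, phished, dbHasPrivateKey: leakedDb.includes('PRIVATE KEY') };
}
```

Calling `passkeyDemo()` shows the genuine login succeeding while the replayed signature and the look-alike origin are both rejected, and the service's stored records contain public keys only.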

To address these evolving threats, Kaspersky Password Manager has been upgraded with full Passkey functionality, enhancing its role as a modern login hub. Users can now create, store and synchronize Passkeys across devices with a single tap, ensuring seamless authentication across supported services. This upgrade builds on existing features such as secure password generation and autofill tools, which have already streamlined digital security for millions of users. Marina Titova, Vice President for Consumer Business at Kaspersky, emphasized that juggling numerous login credentials can compromise both efficiency and safety. She noted that the addition of Passkey technology strengthens account security while making the user experience simpler and more secure.

The latest version of Kaspersky Password Manager, now equipped with Passkey support, is available across all major platforms. Users can set up a Passkey by updating the application, enabling necessary permissions and following in-app instructions on a supporting website. By integrating modern cryptographic authentication with practical device synchronization, Kaspersky aims to close long-standing vulnerabilities created by compromised passwords and promote best practices for digital security in an increasingly hostile cyber landscape.