Vetted by NeuralPress's Multi-Agent Verifier for strict factual validity and event relevance. Our compliance engine cross-checks and filters search results to ensure zero false correlations or misleading content.
Prevalence of Predictable Password Patterns
Percentage distribution of common vulnerabilities found in leaked passwords (2023-2026).
Primary Sources
Kaspersky Research Finds Over 50% of Leaked Passwords End With Numbers
Kaspersky experts analyzed 231 million unique passwords in major password leaks from 2023 to 2026, and uncovered several key patterns. First, 68% of modern passwords can be cracked within a day. Second, it turned out that the vast majority of compromised passwords either begin or end with a digit – a common pattern that makes them potentially vulnerable to brute force attacks. And third, users also favor positive and trending words; for example, over the past couple of years, use of the word "Skibidi" in analyzed passwords surged 36 times, mirroring the rise of that internet trend.In the recent years, secure passwords’ rules have become a widely discussed topic. More and more services now demand passwords that are at least 10 characters long, include an uppercase letter, and contain a number or a symbol. Yet a comparative analysis of leaked passwords from the past few years shows that that even following some of those rules does not guarantee resistance to brute‑force or AI‑driven attacks.Kaspersky experts share practical advice on how to make passwords more complex and secure, and how not to repeat common mistakes. Be creative with using symbols and numbersAmong the leaked passwords that contain just one symbol, the “@” sign tops the list, appearing in 10% of cases. The next most common symbol is a dot (.), found in 3% of passwords. Among all analyzed passwords “@” takes second place in terms of prevalence, and in third place is “!”. Numbers also follow similarly predictable patterns: 53% of examined passwords end with digits 17% begin with digits Nearly 12% include a numeric sequence that resembles a date (from 1950 to 2030)3% of leaked passwords include keyboard sequencies like “qwerty” or “ytrewq”, but most of them are digital sequencies like “1234”Alexey Antonov, Data Science Team Lead at Kaspersky, notes that commonly used symbols, numbers, or dates – especially when placed in obvious positions (such as at the beginning or end of a password) – significantly simplify brute force attacks for cybercriminals. That’s why it’s highly recommended to give preference to less popular characters, and avoid numeric or keyboard sequences.“Bruteforce works by systematically trying every possible character combination until the correct password is found. When attackers already know which characters users tend to favor, the time required to crack a password drops dramatically. To avoid the temptation of choosing predictable symbols, entrust password creation to dedi...
Kaspersky reveals 50% of leaked passwords end with a number
Apparently, according to Kaspersky, this password structure is far more common than you may think. To mark the occasion of World Password Day, Kaspersky experts analyzed 231 million unique passwords in major password leaks from 2023 to 2026, and uncovered several key patterns. First, 68% of modern passwords can be cracked within a day. Second, it turned out that the vast majority of ...
World Password Day: Stop Using Numbers at the End of Your Passwords ...
Today is World Password Day and cybersecurity company Kaspersky analysed more than 231 million unique passwords that formed part of major leaks over the three years from 2023 till now. In the ...
Nearly half of the world's passwords can be cracked in ... - Kaspersky
More than half of all passwords (53%) end with one or more digits, while nearly one in six (17%) starts with a number. Every eighth password (12%) contains sequences that look a lot like years — ranging from 1950 to 2030 — and one in ten (10%) specifically falls between 1990 and 2026.
