Despite years of cybersecurity reminders, users continue to rely on predictable and easily cracked passwords, according to new research by global cybersecurity firm Kaspersky.
Analyzing major data breaches from 2023 to 2025, Kaspersky found that many users still include personal details such as names, dates, or short number sequences in their passwords.
The study revealed that 10 percent of leaked passwords contained date-like numbers, while “12345” remained the most common combination.
Other frequent inclusions were the word “love,” users’ own names, and even country names.
More alarming, the report showed that 54 percent of passwords leaked in 2025 had already appeared in earlier breaches, pointing to widespread password reuse.
Kaspersky said the average lifespan of a compromised password is about 3.5 to 4 years, indicating that users seldom update their credentials.
Many users continue to recycle passwords across social media, email, and banking platforms, which exposes themselves to phishing and credential-stuffing attacks.
Moreover, Kaspersky reiterated its call for stronger authentication measures and urged users to adopt passkey technology, which uses cryptographic keys and biometrics instead of text-based passwords that can be stolen or leaked.
Founded in 1997, Kaspersky is a global cybersecurity and digital privacy company that protects more than a billion devices worldwide.
Its security portfolio includes consumer and enterprise solutions such as Kaspersky Password Manager, which now supports passkey technology for seamless and secure account access across devices.
