Half of the passwords compromised in 2025 had already been leaked

The latest research by Kaspersky reveals that the majority of compromised passwords not only fail to comply with security guidelines, but also remain unchanged for long periods of time, significantly reducing their level of protection. To offer users more advanced and modern ways of logging in, Kaspersky Password Manager has been enhanced with Passkey technology, enabling secure account access with seamless synchronization across devices.

Although passwords remain one of the primary methods of authentication, they are no longer considered the most secure option. Passwords, often created by users themselves, are heavily influenced by human factors, making them potentially vulnerable. Kaspersky experts analyzed major password leaks from 2023 to 2025 and identified several recurring patterns:

• Users frequently add predictable elements such as numbers, dates, and personal identifiers to their passwords. For example, 10% of the passwords in the analyzed dataset contain a number resembling a date (from 1990 to 2025), while 0.5% of all compromised passwords end with the number 2024 — that is, one in 200.
• The most commonly used password combination is “12345”, which drastically reduces cryptographic strength and shortens the time required for successful brute-force attacks. Other popular password elements include the word “love,” usernames, and country names, which are also frequently used.
• In addition, most hacked passwords remain unchanged for years. In 2025, 54% of compromised passwords had already appeared in previous data breaches, highlighting the widespread reuse of outdated credentials. According to data analysis, the average “lifespan” of passwords found in these leaks is 3.5–4 years.

What makes Passkeys more secure?

These findings highlight the critical weaknesses of password-based authentication when strict rules for creation, management, and storage are not followed. In response to the growing demand for stronger security, the industry is increasingly turning to next-generation solutions such as Passkeys, which offer stronger protection against evolving threats.

Passkey technology is based on cryptographic keys and biometric data and is not affected by threats such as phishing or data breaches. A passkey is created for a specific account on a specific platform and is stored directly on the user’s device or in a password manager.

New Passkey feature in Kaspersky Password Manager

When a user registers on a platform that supports passkeys, the device generates a private key and shares a public keywith the service. The private key is stored directly on the device, which improves security but can complicate authorization from other devices.

Now, passkeys can be created and stored directly in Kaspersky Password Manager, allowing users not only to log in to supported services with a single click, but also to access their passkeys across all their devices thanks to secure synchronization.

The Passkey feature is now available on all platforms in the latest version of Kaspersky Password Manager. To create a passkey, first update the application to the latest version and grant all required permissions. Then, open the website where you want to create the passkey and simply follow the in-app instructions to register and store it securely.