Half of Compromised Passwords in 2025 Had Already Been Leaked, Kaspersky Study Finds
A new Kaspersky study reveals that nearly half of all compromised passwords in 2025 were already exposed in previous data breaches and remained unchanged for years, significantly weakening user account security. To help users adopt safer authentication methods, Kaspersky Password Manager has been upgraded with Passkey technology, enabling secure account access and seamless synchronization across multiple devices.
While passwords remain a primary authentication tool, they have become increasingly inadequate in modern threat environments. Created directly by users, passwords are often influenced by human behaviors and predictable patterns, making them susceptible to cracking and reuse. Kaspersky experts analyzed large-scale password leaks between 2023 and 2025 and uncovered several recurring behaviors:
Users frequently embed predictable personal elements such as numbers, dates, and identifiers into their passwords. Kaspersky’s data shows that 10% of leaked passwords included a year between 1990 and 2025, while 0.5% of leaked passwords ended with “2024” — the equivalent of one in every 200 leaked passwords.
The most common password combination remained “12345”, which drastically reduces resistance to guessing and accelerates brute-force attacks. Other frequently used elements included the word “love”, users’ personal names, and country names.
A large proportion of passwords remain unchanged for years. In 2025, 54% of leaked passwords were tied to previous breaches, highlighting excessive reuse of outdated login credentials. The average age of passwords appearing in analyzed leaks ranged from 3.5 to 4 years.
---
Why Passkeys Offer Stronger Protection
These findings underscore a substantial vulnerability in traditional password-based authentication, especially when best practices for creation, storage, and management are not strictly followed. In response to rising cyber risks, the cybersecurity industry is accelerating its adoption of next-generation security technologies such as Passkeys, which provide stronger resistance to modern threats.
Passkey authentication relies on cryptographic keys and biometric verification. Unlike traditional passwords, Passkeys are not exposed to risks such as phishing attacks or database leaks. Each passkey is designed for a specific account on a single platform and remains securely stored on the user’s device or within a password manager.
---
New Passkey Feature in Kaspersky Password Manager
When a user registers on a Passkey-supported platform, the device automatically generates a private key and shares a public key with the service. The private key is stored securely on the device, offering a higher level of protection but complicating login from different devices.
Kaspersky now enables users to create and store Passkeys directly in Kaspersky Password Manager, allowing them to sign in to services with a single tap and access their Passkeys across all devices through secure synchronization.
“From our own experience, we’ve seen how constantly juggling logins and passwords for work, study and even leisure can erode both time and security. Kaspersky Password Manager has long streamlined this process with tools like our secure password generator and auto-fill functionality – ensuring users never sacrifice safety for speed. In addition to that, we are happy to offer our customers a new Passkey feature – an enhanced level of account protection that makes authentication even simpler and, most importantly, more secure,” said Marina Titova, Vice President for Consumer Business at Kaspersky.
Passkey functionality is now available across all platforms in the latest version of Kaspersky Password Manager. Users should update the app, grant the necessary permissions, open any supported website, and follow in-app steps to register and save a Passkey.
The updated Kaspersky Password Manager is available for installation here.
