Telecommunications, banking, and e-commerce users in the Philippines may need to rethink how they create passwords after cybersecurity company Kaspersky found that 68% of leaked passwords can be cracked within a day.
The company analyzed 231 million unique passwords exposed in major data leaks from 2023 to 2026 and found that many people still rely on predictable patterns such as adding numbers at the beginning or end of passwords.
The study showed that 53% of compromised passwords ended with digits, while 17% started with numbers. Around 12% contained date-like sequences, and 3% included keyboard patterns such as “1234” or “qwerty.”
Kaspersky also found that common symbols make passwords easier to crack. The “@” symbol appeared in 10% of passwords containing only one special character, followed by the period and exclamation point.
Alexey Antonov, team lead for Data Science at Kaspersky, said cybercriminals already know the patterns most users follow when creating passwords.
“Bruteforce works by systematically trying every possible character combination until the correct password is found. When attackers already know which characters users tend to favor, the time required to crack a password drops dramatically,” Antonov said.
The research also showed how internet culture influences password choices. Use of the word “Skibidi” in passwords increased 36 times between 2023 and 2026, illustrating the popularity of the online trend.
Positive words such as “love,” “magic,” “friend,” “angel,” and “star” were also commonly used in passwords, while negative words like “hell,” “devil,” and “nightmare” appeared less often.
Kaspersky warned that password length alone is no longer enough to stop modern attacks powered by artificial intelligence (AI). While passwords with fewer than eight characters are usually cracked in under a day, more than 20% of 15-character passwords can now be broken in less than a minute if they follow predictable patterns.
The company said 60.2% of all analyzed passwords could be cracked within an hour.
The calculations were based on a single RTX 5090 graphics processing unit (GPU) using the MD5 algorithm. Kaspersky noted that attackers often use multiple GPUs, which can significantly speed up password cracking.
Antonov advised users to avoid single-word passwords, even if they include numbers or symbols.
“Instead, craft a passphrase that strings together several unrelated words, each supplemented with internal numbers and symbols, and sprinkle in a few intentional misspellings,” he said.
Kaspersky also recommended enabling two-factor authentication (2FA) and using password managers to generate and store unique passwords across devices. The cybersecurity company recently added a password generator to its online password checker tool, allowing users to create random passwords for free.
For businesses in the Philippines, the findings highlight the growing risk of weak employee credentials as cyberattacks and data breaches continue to grow across banking, telecommunications, retail, and government systems.