68% of Passwords Can Be Cracked Within a Day

ITWeb (South Africa) – Public Sector, May 8, 2026

Why It Matters

The findings expose a critical vulnerability in credential hygiene, forcing businesses to rethink authentication strategies before AI‑enhanced attacks become routine. Enterprises that rely on traditional passwords risk rapid account compromise and costly data breaches.

Key Takeaways

  • 68% of passwords cracked within a day using AI tools
  • 53% of passwords end with digits, showing predictable patterns
  • Even 15‑character passwords broken in under a minute by AI
  • Special character '@' appears in 10% of leaked passwords
  • Corporate access can sell for up to $113,000 on dark web

Pulse Analysis

The Kaspersky report underscores how generative AI is accelerating password cracking, turning a task that once took weeks into a matter of hours or minutes. By analyzing 231 million credentials from 2023‑2026, the firm found that 68 % of modern passwords succumb to AI‑augmented brute‑force attacks within 24 hours. Predictable patterns—such as trailing digits, common symbols like "@," and date‑like sequences—drastically reduce the search space, allowing sophisticated algorithms to guess passwords at unprecedented speed. This shift challenges the traditional belief that longer or superficially complex passwords provide sufficient protection.

User behavior remains the weakest link. Over half of the examined passwords terminate with numbers, and a notable 12 % embed date ranges, while keyboard sequences still appear in 3 % of leaks. Even passwords meeting complexity guidelines falter when they follow familiar structures. Security professionals now advocate for truly random passphrases generated by reputable password managers, coupled with multi‑factor authentication (MFA) to mitigate reliance on static secrets. Organizations must also educate employees about the dangers of reusing patterns across work and personal accounts, as attackers exploit cross‑platform credential reuse.
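As an added illustration (not code from the Kaspersky report or from this article), the structures named above can be checked when a password is set or during an audit of candidate passwords. The pattern definitions here are assumptions: "date-like" means a four-digit year from 1900 to 2099, and a keyboard sequence means four consecutive keys along one row in either direction.

```python
import re

# Pattern definitions below are assumptions made for this example.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
YEAR_RE = re.compile(r"(19|20)\d{2}")   # "date-like": a four-digit year


def has_keyboard_run(password, run=4):
    """True if any `run` consecutive characters follow a keyboard row,
    left-to-right or right-to-left (e.g. "qwer", "4321")."""
    low = password.lower()
    rows = KEYBOARD_ROWS + tuple(r[::-1] for r in KEYBOARD_ROWS)
    return any(low[i:i + run] in row
               for i in range(len(low) - run + 1) for row in rows)


def predictable_patterns(password):
    """Return the labels of the predictable structures found in `password`."""
    found = []
    if re.search(r"\d$", password):
        found.append("trailing_digits")
    if "@" in password:
        found.append("at_symbol")
    if YEAR_RE.search(password):
        found.append("date_like")
    if has_keyboard_run(password):
        found.append("keyboard_sequence")
    return found


def pattern_shares(passwords):
    """Fraction of `passwords` showing each pattern, for audit reporting."""
    labels = ("trailing_digits", "at_symbol", "date_like", "keyboard_sequence")
    hits = [predictable_patterns(p) for p in passwords]
    return {l: sum(l in h for h in hits) / len(passwords) for l in labels}


# Constructed sample candidates, not taken from any leak.
SAMPLE = ["Summer2024", "P@ssw0rd1", "Qwerty!x", "vR7#kLq!zT"]

if __name__ == "__main__":
    for pw in SAMPLE:
        print(pw, predictable_patterns(pw))
    print(pattern_shares(SAMPLE))
```

A password that raises no flag here is not thereby strong; the check only rejects the familiar structures described above and belongs alongside randomly generated secrets and MFA.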

Beyond the technical breach, the report highlights a booming cyber‑crime‑as‑a‑service ecosystem powered by AI. Stolen Facebook and Gmail accounts trade for $45‑$65, whereas high‑value corporate logins can command upwards of $113 000. The migration of transactions to Telegram bots and dark‑web forums accelerates monetisation, making rapid credential harvesting a lucrative business model. Companies should therefore invest in continuous monitoring, anomaly detection, and AI‑driven threat intelligence to stay ahead of attackers who now view passwords as a commodity rather than a barrier.
