Kaspersky’s latest research reveals that the majority of compromised passwords not only violate password-safety guidelines but also remain unchanged for extended periods, which drastically reduces their security. To provide users with access to more sophisticated and modern ways to log in Kaspersky Passwords Manager has been enhanced with Passkey technology, enabling users to securely access their accounts while enjoying seamless cross-device synchronization.
Although passwords still remain one of the major authentication methods, they no longer top the security charts. Often crafted by users themselves, passwords are heavily influenced by human factors, which makes them potentially vulnerable. Kaspersky experts analyzed major password leaks from 2023 to 2025 and identified several recurring patterns:
· Users frequently append predictable elements like numbers, dates, and personal identifiers to their passwords. For example, 10% of passwords in datasets analyzed contain a number resembling a date (from 1990 to 2025), 0.5% of all leaked passwords end with the number 2024, which is every 200th password!
· The most commonly occurring password combination is '12345', which drastically reduces cryptographic strength and shortens the time required for brute-force attacks to succeed. Among other popular password components are the word 'love' and users’ names, as well as countries’ names which are also often included in passwords.
· Moreover, the majority of leaked passwords remain unchanged for years. In 2025 54% of leaked passwords had already been part of prior data breaches, underscoring widespread reuse of outdated passwords. According to data analysis the average lifetime of the password found in these leaks is 3.5-4 years.
What makes Passkeys more secure?
All these findings highlight the critical vulnerability of password-based authentication when protocols for creation, management, and storage are not rigorously followed. In response to the growing need for robust security, the industry is increasingly shifting its focus toward next-generation solutions like Passkeys, which offer stronger protection against evolving threats.
Passkey technology is based on cryptographic keys and biometrics, and is not subjected to threats like phishing or data leaks. A passkey is created for a particular account on a particular platform and is stored directly on the user’s device or in a password manager.
New Passkey feature in Kaspersky Password Manager
When a user registers on a platform that supports Passkey, the device creates a private key and shares a public key with the service. The private key is stored directly on the device, which is good from a security point of view, but complicates authorization from other devices.
Now Passkeys can be created and stores directly in Kaspersky Password Manager, which allows users to not only sign in to supported services with a single tap, but also access Passkeys on all their devices owing to secure synchronization.
“From our own experience, we’ve seen how constantly juggling logins and passwords for work, study and even leisure can erode both time and security. Kaspersky Password Manager has long streamlined this process with tools like our secure password generator and auto-fill functionality – ensuring users never sacrifice safety for speed. In addition to that, we are happy to offer to our customers a new Passkey feature – an enhanced level of accounts protection which makes authentication even simpler and, most importantly, more secure” comments Marina Titova, Vice President for Consumer Business at Kaspersky.
Passkey functionality is now available on all platforms in the latest version of Kaspersky Password Manager. To create a passkey in Kaspersky Password Manager, first update the app to the latest version and grant it all necessary permissions. Then, open the website where you want to create the passkey and simply follow the in-app guidance to register and save it.
Updated Kaspersky Password Manager can be installed here.
