If your password ends in a number, you are in the majority, and that is exactly the problem. For World Password Day, Kaspersky analyzed 231 million unique passwords from leaks between 2023 and 2026 and found that 68 percent can now be cracked within a day. The patterns we all fall into are the reason.

The headline stat is blunt, but the breakdown is what should change your habits. More than half of compromised passwords either begin or end with a digit, which is precisely the predictability that brute-force tools feast on. Specifically, 53 percent end with digits, 17 percent begin with them and nearly 12 percent contain a date-like sequence between 1950 and 2030.

Why the usual rules are not enough

Most of us follow the standard advice: at least 10 characters, an uppercase letter, a number and a symbol. Kaspersky's point is that following those rules no longer guarantees safety against AI-assisted attacks. Even our symbols are predictable, with "@" appearing in 10 percent of single-symbol passwords and the dot a distant second.

We also reach for emotional and trending words. Positive picks like "love," "star" and "angel" show up far more than negatives like "devil" or "nightmare," and one trend stood out: use of the word "Skibidi" in passwords jumped 36 times over the two-year window, tracking the internet meme. As data scientist Alexey Antonov puts it, once attackers know which characters people favor, the time to crack a password drops sharply.

Length helps, but it is not a shield

Long passwords are harder to crack, yet length alone no longer saves you if the pattern is predictable. Kaspersky found that more than 20 percent of 15-character passwords could be broken in under a minute using a single RTX 5090 GPU. Across all lengths, about 60 percent fall in roughly an hour and 68 percent within a day, and real attackers rent many GPUs at once, which multiplies the speed.

For Filipinos doing more banking, shopping and work online, the fix is practical. Build a passphrase from several unrelated words with numbers and symbols mixed inside rather than tacked on the end, make it unique per account and reach for a password manager so you do not have to remember them. Turn on two-factor authentication wherever you can. None of this is new advice, but the cracking speeds finally make the case impossible to ignore.

This article covers password security research and general protection tips. It does not describe how to carry out any attack.