ISLAMABAD: A leading cybersecurity company Thursday advised Pakistanis to follow secure passwords rules and shared practical advice to make passwords more complex and secured.

In modern terms, truly secure passwords not only meet the gold standard of 16+ characters, but also consist of random, non-repeating letters, numbers, and symbols, and are unique for each account, the report recommended.

Kaspersky experts analyzed 231 million unique passwords in major password leaks from 2023 to 2026, and uncovered several key patterns. First, 68% of modern passwords can be cracked within a day. Second, it turned out that the vast majority of compromised passwords either begin or end with a digit – a common pattern that makes them potentially vulnerable to brute force attacks. And third, users also favor positive and trending words; for example, over the past couple of years, use of the word “Skibidi” in analyzed passwords surged 36 times, mirroring the rise of that internet trend.

In recent years, secure passwords’ rules have become a widely discussed topic. More and more services now demand passwords that are at least 10 characters long, include an uppercase letter, and contain a number or a symbol. Yet a comparative analysis of leaked passwords from the past few years showed that even following some of those rules does not guarantee resistance to brute force or AI driven attacks.

Kaspersky experts share practical advice on how to make passwords more complex and secure, and how not to repeat common mistakes.

It’s well known that longer passwords are harder to crack, and the analysis of leaked passwords confirms this principle. However, with the rise of AI driven tools, length alone no longer guarantees security: even lengthy passwords can be compromised if they follow predictable patterns.

The research shows that short passwords of up to eight characters that appeared in the leak are typically cracked by brute force attacks in under a day. However, thanks to AI-powered smart algorithms, more than 20 percent of 15-character passwords can be broken in less than a minute, the report added.

Copyright Business Recorder, 2026