Cybersecurity Alert: 94% of Leaked Passwords Are Not Unique

Edward Zhou

CEO & Co-Founder

 
October 2, 2025

Cybersecurity Basics: Passwords and Best Practices

Password Habits and Risks

A recent survey by CNET reveals that almost half of U.S. adults (49%) exhibit risky password habits, with 24% using the same password across multiple accounts. This practice significantly increases vulnerability to credential stuffing attacks, as noted by CNET software senior writer Attila Tomaschek, who states, "Reusing the same password across multiple accounts puts users at risk of getting their online accounts compromised through a credential stuffing attack."

For more information on the survey findings and expert advice on managing passwords, visit CNET.

Common Password Issues

A study by Cybernews highlights that a staggering 94% of leaked passwords are not unique. Commonly used passwords like "123456," "password," and "admin" remain prevalent, contributing to security risks. Cybernews identified "1234" in almost 4% of passwords, with "123456" appearing in 338 million instances.

For further details on weak password prevalence, read the full report on ZDNET.

Password Reuse and Account Takeover

Data from Cloudflare indicates that about 41% of successful logins across their protected platforms involve compromised passwords. This data underscores the pervasive issue of password reuse, which leaves users vulnerable to automated bot attacks and account takeovers.

The analysis indicates that users often reuse passwords across an average of four accounts, amplifying risk post-breach. For more insights on this trend, explore the full analysis on Cloudflare.

Best Practices for Secure Passwords

To protect against these threats, experts recommend several best practices:

  1. Use a password manager: Tools like Bitwarden can automatically create, store, and apply strong passwords for all accounts.
  2. Create strong, complex passwords: Aim for at least 12 characters with a mix of uppercase letters, lowercase letters, numbers, and special characters.
  3. Enable multi-factor authentication (MFA): This adds a second layer of security, making unauthorized access more difficult.
  4. Review password policies: Organizations should enforce strict password requirements to enhance security.

For more guidance on password management, refer to CNET's password management tips.
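
One way an organization could enforce items 2 and 4 when a password is set, shown as an added example that is not code from CNET, Cybernews, Cloudflare or the author. The function names and the leaked-password sample are constructed assumptions; the minimum length, character classes and common strings are the ones cited in this article.

```python
import hashlib
import string

MIN_LENGTH = 12  # minimum length recommended in the list above
# Strings the article cites as prevalent in leaked passwords.
COMMON_TOKENS = ("123456", "password", "admin", "1234")
# Constructed stand-in for a breached-password corpus (assumption).
SAMPLE_LEAKED = ["123456", "password", "admin", "Summer2024!Summer"]


def _sha1_hex(password):
    # SHA-1 is used only as a lookup key here, never for password storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_buckets(passwords):
    """Index hashes by 5-character prefix, as a range-style lookup would."""
    buckets = {}
    for pw in passwords:
        digest = _sha1_hex(pw)
        buckets.setdefault(digest[:5], set()).add(digest[5:])
    return buckets


BREACH_BUCKETS = build_buckets(SAMPLE_LEAKED)


def is_breached(password, buckets=BREACH_BUCKETS):
    digest = _sha1_hex(password)
    return digest[5:] in buckets.get(digest[:5], set())


def check_password(password):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    has_all_classes = all((
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c in string.punctuation for c in password),
    ))
    if not has_all_classes:
        problems.append("missing_character_class")
    if any(token in password.lower() for token in COMMON_TOKENS):
        problems.append("contains_common_token")
    if is_breached(password):
        problems.append("breached")
    return problems
```

A password that satisfies the length and complexity rules can still be rejected because it appears in the leaked set, which is the case the reuse statistics above describe.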

The Role of Two-Factor Authentication

Implementing two-factor authentication is a critical security measure. Lisa Plaggemier from the National Cybersecurity Alliance emphasizes, "That means that if you are using a password that's easy to crack, or a password that is already for sale on the dark web, a bad guy can't get into your account without that second factor."

For additional information and resources on two-factor authentication, check out Stay Safe Online.

Emerging Alternatives: Passkeys

Some companies are moving towards eliminating passwords altogether, replacing them with passkeys. Microsoft is actively transitioning to this model, providing users with a more secure method of authentication that links passkeys to devices rather than storing them online.

For more details on Microsoft's shift to passkeys, visit Microsoft.

Implementing these practices can significantly enhance both personal and organizational cybersecurity.

Edward Zhou

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.
