In 2025, weak passwords remain one of the most widespread and at the same time dangerous reasons for compromising user accounts.
This problem is particularly acute for the countries of Central and Eastern Europe, including Ukraine, where cyber attacks are becoming more and more destructive. According to Microsoft’s report, about 7,000 password breach attempts got blocked. In their Threat Horizons Report H1 2025 report, Google underlines that the most widespread methods of compromising identity include fingering through widely used and easy to guess passwords, repeated use of stolen account data, phishing and social engineering. Both companies emphasize the importance of multi-factor authentication and generating reliable passwords as basic instruments for withstanding threats.
The situation in Ukraine demonstrates how critical the problem is. CERT-UA regularly records mass thefts of user accounts in messengers services, used by intruders for phishing and spying. In December 2023, one of the highest-impact disruptive attacks happened since the onset of the full-scale invasion: intruders attacked the telecom operator Kyivstar, probably through the user account of an employee. The attack led to massive communication breakdowns all over Ukraine and was recognized by the British intelligence as one of the most destructive attacks on Ukrainian IT networks during the whole invasion.
At that, the problem does not limit itself to separate countries. The situation is no less alarming across Europe. In Spain, for example, Orange experienced the overtaking of its BGP traffic after an intruder used administrator account information obtained via malware. The annual report of the Department of state security of the Lithuanian Republic (VSD) and the Defense Intelligence and Security Service accentuates that the human factor remains one of the key threats in the digital realm.
However, against the growing threats, the situation gradually improves. More and more companies and users implement multi-factor authentication and use password managers. Microsoft, for one, actively implements the support of passkeys in its Microsoft Entra system and Microsoft Authenticator. These innovations, covering over billion users, will allow the use of biometric passkeys, lowering the risk of phishing and breaches and significantly facilitates access to user accounts.
So, weak passwords are not mere technical errors—they are a strategic vulnerability. The events in Central and Eastern Europe in recent years confirms that even a single point of vulnerability—being a weak password or not appropriately protected user account—can lead to catastrophic consequences. At the same time, technological progress and the growing user awareness are laying the foundation for a safer digital environment.
Olga is a recognized expert in IT and information security with 19 years of experience. Among other things, she specializes in information security systems design and implementation. Her profound knowledge of IT technologies and principles of building IT infrastructure put her in the position of the Chairperson of the Committee on IT and Cyber Security of the German-Ukrainian Chamber of Industry and Commerce. Olga is also the CEO of the Ukrainian IT company Silvery LLC.
