Weak passwords remain one of the biggest drivers of data breaches.

As technology continues to expand, privacy and strong passwords have become paramount to ensure that businesses and personal information are protected.

Each day, millions of people use the internet to log into websites, do their banking, shop online or access different search engines on the web, and to be updated and informed about daily events, communicate effectively, and perform different tasks that provide greater comfort and well-being.

Because people are online daily and for long periods of time, the risks of being a victim of a cyber-attack via the internet are increasing.

To better understand why so many passwords fail to offer real protection, Hostinger’s experts analysed thousands of real-world entries across multiple leaked datasets.

Using a combination of machine learning and behavioural analysis, the company identified the most common mistakes and why users continue to make them.

Short passwords

According to Hostinger, 21.7% of the passwords it analysed were under 8 characters – all of them were cracked instantly.

Short passwords are quicker to type and easier to remember. But they’re also the first to fall to brute-force attacks.

Your password should be at least 12 characters long, ideally using a phrase or sentence you’ll remember.

Unique

Passwords that look unique (like “minebluecar67”) are often made from low-entropy patterns that are easy to break. People choose familiar word-number combinations, thinking they’re safer than generic passwords. But these formats are highly predictable.

Mix uppercase, lowercase, numbers, and special characters, and avoid common words or patterns.

Weak

Hostinger said even though some of the passwords they analysed were over 20 characters long, they had a 13% crack rate, making them nearly as easy to break as much shorter passwords.

“People assume longer passwords are automatically stronger, but repetition lowers security (like “aaaaaaa” or “123123123”). Avoid repetition. Variety in structure is just as important as overall length.”

Breached passwords

A large portion of passwords used today still appear in the top 10 million most leaked passwords. In Hostinger’s study, 475 passwords matched high-frequency entries from global breach lists.

People aren’t aware their credentials have been compromised, or they reuse old passwords out of habit.

Use sites like “Have I Been Pwned” to regularly check your credentials and avoid reusing any password that appears on a known breach list.

Protection

Egidijus Navardauskas, head of security at Hostinger, says many people assume that once they’ve set up their privacy settings or chosen a strong password, they’re fully protected.

“But the truth is, security and privacy are ongoing processes. New threats and vulnerabilities appear constantly, and the platforms we use are always evolving.

“Staying safe means staying alert — regularly reviewing your privacy settings, keeping your passwords strong and unique, and making sure two-factor authentication (2FA) is active are just as important as the initial setup”.

Navardauskas said security-related settings should be maintained over time to ensure they still reflect your needs and provide the right level of protection.

