Why short and predictable passwords still put your data at risk

0Shares
Short passwords like "abc123" are still widely used despite being cracked instantly [Photo by Antoni Shkraba Studio from Pexels: https://www.pexels.com/photo/person-using-black-laptop-computer-5475752/]
Short passwords like “abc123” are still widely used despite being cracked instantly [Photo by Antoni Shkraba Studio from Pexels: https://www.pexels.com/photo/person-using-black-laptop-computer-5475752/]

Weak passwords remain the leading cause of data breaches, with over 80 percent of incidents tied to compromised credentials. Hostinger’s security experts analyzed thousands of leaked password entries using machine learning and behavioral analysis to uncover the most frequent user errors — and the results show why online safety remains a major concern.

One of the biggest issues is password length. Hostinger found that 21.7 percent of the passwords studied were under 8 characters and all were instantly cracked. People often opt for short passwords because they’re easier to remember, but these are especially vulnerable to brute-force attacks. Experts recommend a minimum of 12 characters, preferably in the form of a sentence or memorable phrase.

Even passwords that appear “unique” often follow predictable formats. Combinations like “minebluecar67” may seem secure but are made from low-entropy patterns that make them easy to guess. Users tend to pick familiar words with a number or two tacked on, which offers little real protection.

Length alone doesn’t guarantee strength

Surprisingly, longer passwords weren’t always better. Hostinger observed a 13 percent crack rate for passwords longer than 20 characters when users relied on repetition, like “aaaaaaa” or “123123123.” These long but pattern-based passwords gave attackers an easy way in.

Another major oversight is reusing compromised passwords. Hostinger identified 475 passwords in their analysis that matched the top 10 million most leaked credentials. Many users remain unaware that their passwords have already been exposed and continue to reuse them across platforms.

Hostinger’s Head of Security, Egidijus Navardauskas, emphasized that setting a strong password isn’t a one-time task. “Security and privacy are ongoing processes,” he said. “New threats appear constantly. That’s why reviewing your settings, using strong and unique passwords, enabling two-factor authentication, and staying informed are crucial.”

0Shares
WeRide launches Southeast Asia’s first fully driverless Robobus at Resorts World Sentosa

WeRide launches Southeast Asia’s first fully driverless Robobus at Resorts World Sentosa

Vantiq and Argosy Partners launch Southeast Asia AI push with Philippines as smart innovation hub

Vantiq and Argosy Partners launch Southeast Asia AI push with Philippines as smart innovation hub

FUJIFILM adds White and Silver to Revoria Press color lineup for premium print innovation

FUJIFILM adds White and Silver to Revoria Press color lineup for premium print innovation

PH rises in global innovation ecosystem, set to host its 1st Int’l Conference, Expo on IP commercialization

PH rises in global innovation ecosystem, set to host its 1st Int’l Conference, Expo on IP commercialization

Leave a Reply