Hostinger Identifies Common Password Mistakes, Ways to Fix Them
Are You Making Any of These Mistakes?
Weak passwords remain one of the biggest drivers of data breaches, with over 80% of incidents linked to compromised credentials. To better understand why so many passwords fail to offer real protection, Hostinger’s experts analysed thousands of real-world entries across multiple leaked datasets. Hostinger is a global web hosting company with over 900 experts.
Using a combination of Machine Learning and behavioural analysis, the Hostinger team identified the most common password mistakes and why users keep making them. Here are the top mistakes identified:
1. Using Short Passwords
Insight: 21.7% of the passwords we analysed were under 8 characters, and all of them were cracked instantly.
Why It Happens: Short passwords are quicker to type and easier to remember. But they are also the first to fall to brute-force attacks.
What You Can Do Now: Hostinger recommends that make your password is at least 12 characters long, ideally using a phrase or sentence you will remember.
2. Using “Unique” Passwords
Insight: Passwords that look unique (like “minebluecar67”) are often made from low-entropy patterns that are easy to break.
Why It Happens: People choose familiar word-number combinations, thinking theyare safer than generic passwords. But these formats are highly predictable.
What You Can Do Now: Mix uppercase, lowercase, numbers, and special characters, and avoid common words or patterns.
3. “Very Weak” Doesn’t Always Mean “Short”
Insight: Even though some of these passwords were over 20 characters long, they had a 13% crack rate, making them nearly as easy to break as much shorter passwords.
Why It Happens: People assume longer passwords are automatically stronger, but repetition lowers security (like “aaaaaaa” or “123123123”).
What You Can Do Now: Avoid repetition. Variety in structure, Hostinger found out, is just as important as overall length.
4. Not Knowing Breached Passwords
Insight: A large portion of passwords used today still appear in the top 10 million most leaked passwords. In our study, 475 passwords matched high-frequency entries from global breach lists.
Why It Happens: People are not aware their credentials have been compromised, or they reuse old passwords out of habit.
What You Can Do Now: Use sites like “Have I Been Pwned” to regularly check your credentials and avoid reusing any password that appears on a known breach list.
“A lot of people assume that once they’ve set up their privacy settings or chosen a strong password, they’re fully protected. But the truth is, security and privacy are ongoing processes. New threats and vulnerabilities appear constantly, and the platforms we use are always evolving,” said Egidijus Navardauskas, Head of Security at Hostinger. “Staying safe means staying alert—regularly reviewing your privacy settings, keeping your passwords strong and unique, and making sure two-factor authentication (2FA) is active are just as important as the initial setup. Security-related settings should be maintained over time to ensure they still reflect your needs and provide the right level of protection.”
