The 4 most important password errors that jeopardize security

Even if information technology should move towards passwordless logins (passkey & Co.), logins using a user name and password are still widespread. Just as widespread are certain mistakes when choosing passwords, which jeopardize security. I recently received an overview from Hostinger on this topic, which I would like to briefly post here.

Weak passwords are still one of the main causes of data protection incidents. Unfortunately, over 80% of incidents can be linked to compromised credentials, Hostinger writes. To better understand why so many passwords offer no real protection, Hostinger's experts analyzed thousands of real-world entries in several leaked data sets.

The four most common password mistakes

A combination of machine learning and behavioral analysis was used to identify the most common password mistakes and find out why users keep making them.

1. Use short passwords

Finding: 21.7% of the passwords analyzed by Hostinger were fewer than 8 characters long – all of which were immediately cracked.

Why this is the case: Short passwords are quicker to write and easier to remember. But they are also the first to be cracked by brute force attacks.

What you can do now: Make sure your password is at least 12 characters long, preferably in the form of a phrase or sentence you can remember.

2. Use "unique" passwords

Insight: Passwords that look unique (like "minebluecar67") often consist of low-entropy patterns that are easy to crack.

Why this happens: People choose familiar word-number combinations because they believe they are more secure than generic passwords. But these formats are very predictable.

What you can do now: Mix uppercase letters, lowercase letters, numbers and special characters and avoid common words or patterns.

3. "Very weak" doesn't always mean "short"

Insight: Although some of these passwords were more than 20 characters long, the crack rate was 13%, so they were almost as easy to crack as much shorter passwords.

Why this happens: People assume that longer passwords are automatically more secure, but repetition reduces security (like "aaaaaaa" or "123123123").

What you can do now: Avoid repetition. Variety in the structure is just as important as the overall length.

Findings: A large proportion of the passwords used today still appear in the top 10 million most frequently leaked passwords. In the study conducted by Hostinger, 475 passwords matched high-frequency entries from lists of global security breaches.

Why this happens: People are unaware that their login credentials have been compromised, or they reuse old passwords out of habit.

What you can do now: Use sites like "Have I Been Pwned" to regularly check your login credentials and avoid reusing passwords that are on a known breach list.
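The four mistakes above can be screened for in code, for example at registration or password change. The following is an added example, not code from Hostinger or from this post; the function names, the regex used for word-number patterns and the tiny breached set are constructed assumptions.

```python
import re

MIN_LENGTH = 12  # minimum length recommended in the article

# Constructed stand-in for a breach corpus (assumption); a real deployment
# would check against a full leaked-password list or a breach-lookup service.
SAMPLE_BREACHED = {"123456", "password", "qwerty123", "iloveyou"}


def smallest_repeating_unit(password: str) -> str:
    """Return the shortest block that, repeated, rebuilds the whole password."""
    n = len(password)
    for size in range(1, n // 2 + 1):
        if n % size == 0 and password[:size] * (n // size) == password:
            return password[:size]
    return password  # no exact repetition found


def audit_password(password: str, breached=SAMPLE_BREACHED) -> list[str]:
    """Return which of the article's four mistakes apply to this password."""
    findings = []
    # Mistake 1: too short.
    if len(password) < MIN_LENGTH:
        findings.append("short")
    # Mistake 2: letters followed by a few digits, e.g. minebluecar67.
    # The exact pattern is an assumption made for this example.
    if re.fullmatch(r"[A-Za-z]+\d{1,4}", password):
        findings.append("word-number pattern")
    # Mistake 3: length gained only by repeating a shorter unit.
    if len(smallest_repeating_unit(password)) < len(password):
        findings.append("repetition")
    # Mistake 4: password already appears on a breach list.
    if password.lower() in breached:
        findings.append("known breach list")
    return findings


if __name__ == "__main__":
    # Samples: three strings quoted in the article plus constructed ones.
    samples = ["minebluecar67", "aaaaaaa", "123123123", "123" * 7,
               "qwerty123", "Lamp-7 drifts past quiet Harbor"]
    for sample in samples:
        print(f"{sample!r}: {audit_password(sample) or 'no finding'}")
```

The 21-character sample built from "123" passes the length check and is still flagged, which is the point of item 3.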

Conclusion of the study

Many people assume that once they have set up their privacy settings or chosen a strong password, they are fully protected. But the truth is that security and privacy are an ongoing process. New threats and vulnerabilities are emerging all the time, and the platforms we use are constantly evolving.

Staying safe requires vigilance – regularly reviewing privacy settings, using strong and unique passwords and enabling two-factor authentication (2FA) are just as important as the initial setup.

Security-related settings should be maintained over time to ensure they still meet your needs and provide the right level of protection.


2 Responses to The 4 most important password errors that jeopardize security

  1. StanG says:

    Most importantly, assume the password will be breached/leaked at some point. Make sure you have some kind of multi-factor authentication.

    • fd says:

      99,999% pass are about "hey, you must register here and after that you can …" I use Password1* for that, no problem. All pass rules fulfilled.

      If you use any other auth method, sooner or later you lose your acc. Especially when you use third-party acc (ms, google … ). They simply delete you from world. But you can lose your phone/key/… Maybe 0.0001% have some backups …
