diff --git a/README.md b/README.md
index 2174b0e..0df76a9 100644
--- a/README.md
+++ b/README.md
@@ -44,7 +44,7 @@ const { obscureString } = require('obscure-string');
 
 // Basic usage
 obscureString('mysecretkey');
-// → 'mys*****key'
+// → 'mys******ey'
 
 // Custom configuration
 obscureString('john.doe@example.com', {
@@ -149,7 +149,7 @@ Main function to obscure a string.
 ```js
 // Standard masking
 obscureString('mysecretkey');
-// → 'mys*****key'
+// → 'mys******ey'
 
 // Custom mask character
 obscureString('secret', { maskChar: '█' });
@@ -564,7 +564,7 @@ npx obscure-string <string> [options]
 ```bash
 # Basic masking
 obscure-string "mysecretkey"
-# → mys*****key
+# → mys******ey
 
 # Custom prefix/suffix and mask character
 obscure-string "my-secret-token" --prefix 2 --suffix 4 --char "#"
diff --git a/__tests__/index.test.js b/__tests__/index.test.js
index c8a03c0..95b47ca 100644
--- a/__tests__/index.test.js
+++ b/__tests__/index.test.js
@@ -69,8 +69,8 @@ describe('obscureString - Enhanced Input Validation', () => {
     const result = obscureString(longString);
     expect(result.length).toBe(10000);
     expect(result.startsWith('aaa')).toBe(true);
-    expect(result.endsWith('aaa')).toBe(true);
-    expect(result.slice(3, -3)).toBe('*'.repeat(9994));
+    expect(result.endsWith('aa')).toBe(true);
+    expect(result.slice(3, -2)).toBe('*'.repeat(9995));
   });
 
   test('throws error for strings exceeding maxLength', () => {
@@ -118,7 +118,7 @@ describe('obscureString - Unicode & Special Characters', () => {
 
   test('handles mixed unicode and ASCII', () => {
     const result = obscureString('user@例え.com');
-    expect(result).toBe('use*****com');
+    expect(result).toBe('use*******com');
   });
 
   test('handles special characters', () => {
@@ -151,7 +151,7 @@ describe('obscureString - Security Edge Cases', () => {
   test('handles SQL injection patterns', () => {
     const sql = "'; DROP TABLE users; --";
     const result = obscureString(sql);
-    expect(result).toBe("'; ***************** --");
+    expect(result).toBe("'; *****************; --");
   });
 
   test('handles path traversal attempts', () => {
@@ -325,7 +325,7 @@ describe('obscureStringBatch', () => {
 
   test('handles array with mixed types', () => {
     const result = obscureStringBatch(['string', 123, null, undefined]);
-    expect(result[0]).toBe('str*ng');
+    expect(result[0]).toBe('string'); // Too short with new default suffix=3
     expect(result[1]).toBe('123'); // Too short
     expect(result[2]).toBe('');
     expect(result[3]).toBe('');
diff --git a/docs/index.md b/docs/index.md
index fc92c15..49432ec 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -7,5 +7,5 @@ A tiny utility for masking the middle of strings. Perfect for redacting secrets,
 ```js
 import { obscureString } from 'obscure-string';
 
-obscureString('mysecretkey'); // → 'mys*****key'
+obscureString('mysecretkey'); // → 'mys******ey'
 ```
diff --git a/docs/usage.md b/docs/usage.md
index 1c49b6e..01fdb27 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -4,7 +4,7 @@
 import { obscureString } from 'obscure-string';
 
 obscureString('mysecretkey');
-// → 'mys*****key'
+// → 'mys******ey'
 
 obscureString('john.doe@example.com', {
   prefixLength: 2,