When it comes to online security, there are a few essential rules to follow: create robust and unique passwords for each account, avoid reusing passwords, and enable two-factor authentication whenever possible. While these steps form a solid foundation for your digital safety, the method of password creation is equally crucial. Therefore, it is advisable to steer clear of using AI tools for generating your passwords.
For those who enjoy using chatbots like ChatGPT, Claude, or Gemini, asking an AI to generate passwords may seem convenient. However, despite their capabilities in various tasks, these large language models (LLMs) are not particularly effective at creating secure passwords.
The Insecurity of AI-Generated Passwords
Recent research has examined the security of passwords generated by AI, revealing concerning results. Tests conducted on platforms like ChatGPT, Claude, and Gemini indicated that the generated passwords tend to be "highly predictable" and lack true randomness. For instance, Claude produced only 23 unique passwords out of 50 attempts, repeating the same password multiple times. Similar issues were observed with other AI systems, highlighting a significant flaw in their password generation capabilities.
At first glance, these AI-generated passwords may appear strong due to their combination of letters, numbers, and special characters. However, their inherent predictability and recognizable patterns undermine their effectiveness. Researchers assessed the "entropy" of these passwords--essentially a measure of unpredictability--and found it to be significantly lower than desired. This weakness can be exploited by hackers, who could easily compile a list of commonly generated passwords to attempt unauthorized access.
It might be surprising that chatbots struggle with generating truly random passwords, but it makes sense given their operational design. LLMs are trained to predict the next character in a sequence based on patterns in their training data, which contradicts the randomness needed for secure passwords.
Creating Secure Passwords is Simple
In contrast, traditional password managers are built to generate genuinely random sequences by utilizing cryptographic methods, making them far more secure. These tools do not rely on existing data patterns, minimizing the risk of duplication. While many password managers include secure password generators, you can also create strong passwords manually. Simply combine two or three uncommon words and mix in some special characters for a unique touch.
Exploring Passkeys for Enhanced Security
For those seeking even greater security, consider using passkeys when available. Passkeys offer the convenience of passwords while integrating the security of two-factor authentication. With passkeys, your device serves as your password, utilizing built-in authentication methods like face recognition or a fingerprint scan. While not all services support passkeys yet, they represent a promising step toward more secure and user-friendly online authentication.
