Researchers have uncovered significant security flaws in AI-generated passwords. Chatbots such as ChatGPT, Claude, and Gemini are proving unreliable in creating truly random and secure credentials.
Studies reveal that these large language models often repeat password strings and employ identifiable patterns. This makes accounts secured with AI-generated passwords significantly easier for hackers to breach.
For instance, one test showed Claude generating the same password multiple times across 50 prompts. While these passwords may appear complex with a mix of characters, their predictable nature leads to low "entropy," a measure of unpredictability. Hackers can exploit this by collecting common AI-generated password patterns and trying them during brute-force attacks.
The underlying issue stems from how AI models function: they are designed to predict the next logical data point in a sequence, rather than generate true randomness. This contrasts with dedicated password managers, which use cryptographic methods to create unique, unpredictable sequences.
Experts recommend using a reputable password generator or creating your own strong, unique passwords by combining uncommon words and symbols. For enhanced security, consider adopting passkeys where supported, which leverage device biometrics for authentication, eliminating the need for passwords altogether.