Let me start with a question: If you needed a strong password, would you ask AI to create one for you?
At first, that seems like a sensible idea.
Tools like ChatGPT and Copilot can write reports, draft emails, summarize documents, and even generate code. So, asking one of them for a 16-character password full of numbers, symbols, and mixed-case letters feels like a quick and smart shortcut.
But it may not be as safe as it looks.
Researchers recently tested AI tools by asking them to generate secure passwords. On the surface, the results looked impressive: long combinations of letters, numbers, and special characters.
When those passwords were run through online strength checkers, many scored highly. Some tools even estimated they would take centuries to crack.
But deeper analysis told a different story.
AI systems are built on large language models, or LLMs. These models are designed to predict what text should come next based on patterns they've learned. They're very good at producing text that looks convincing and natural.
What they're not built for is true randomness.
And randomness is the foundation of a strong password.
When researchers reviewed dozens of AI-generated passwords, they found repeated patterns. Some passwords were duplicated, and many followed similar structures.
Interestingly, none of them included repeating characters.
That might sound positive at first, but genuine randomness often includes repetition. The total absence of repeated characters suggests the passwords were following learned patterns rather than being generated unpredictably.
Researchers also measured "entropy," which is a technical way of describing how unpredictable something is.
The AI-generated passwords had much lower entropy than a truly random 16-character password should have.
In practical terms, that means they may be easier to crack using brute-force attacks, where attackers test large numbers of possible combinations at high speed.
Online password checkers often miss this issue because they focus on visible complexity.
They see uppercase letters, numbers, and symbols, then assume the password is strong. But they don't account for the hidden patterns AI can introduce.
Even newer models like Gemini 3 Pro have warned users not to rely on chat-generated credentials for sensitive accounts.
That's a warning worth paying attention to.
If you want genuinely secure passwords, use a password manager with a built-in password generator.
These tools use cryptographic randomness, meaning they rely on mathematical processes specifically designed to produce unpredictable results.
AI is a powerful productivity tool. But for security basics like password generation, it's not the right tool for the job.
If you'd like help choosing the right password manager for your business, get in touch.
Click Here or give us a call at 714-369-8197 to Book a FREE 15-Minute Discovery Call.
