With AI tools becoming part of everyday business life, it is easy to assume they can handle almost anything.
From writing emails to generating reports and code, tools like ChatGPT and Copilot are designed to save time and simplify tasks. So when it comes to creating strong passwords, using AI might seem like a smart option.
Unfortunately, it may not be as secure as it looks.
Why AI Passwords Can Be Misleading
Recent research into AI-generated passwords revealed an interesting problem. At first glance, the passwords appeared strong. They included upper and lowercase letters, numbers, and symbols. Many were long and complex enough to score highly on common password strength checkers.
Some tools even estimated they would take hundreds of years to crack.
However, deeper analysis showed these passwords were far more predictable than they appeared.
The Problem with Predictability
AI tools like these are built on large language models, often called LLMs.
These models are designed to predict patterns in language and generate responses that appear natural and convincing. That works extremely well for writing and communication tasks.
But password security depends on something very different: randomness.
A truly secure password should be unpredictable, with no obvious structure or repeated pattern.
Researchers found that AI-generated passwords often followed similar formats. Some even repeated the same structures across different attempts.
Interestingly, many lacked repeated characters altogether.
While that might sound more organised or secure, genuine randomness often includes repetition naturally. Avoiding it suggests the AI is following learned rules instead of producing truly random combinations.
Why Password Strength Checkers Miss This
Most online password strength tools focus on visible complexity. They check for factors like length, upper and lowercase letters, numbers and special characters.
If a password ticks those boxes, it receives a high score. What these tools do not measure well is predictability behind the scenes.
Even if a password looks complicated, hidden patterns can still make it easier for attackers to crack using automated guessing techniques.
Understanding Entropy in Simple Terms
Researchers measured the “entropy” of AI-generated passwords. Entropy is simply a way of describing how unpredictable something is.
The lower the entropy, the easier it becomes for attackers to narrow down possible combinations.
AI-generated passwords consistently scored lower than truly random passwords of the same length, making them potentially more vulnerable to brute-force attacks.
These attacks rely on rapidly testing huge numbers of password combinations until the correct one is found.
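To make the entropy and repetition points concrete, here is an added example (not taken from the research described above). It uses Python's `secrets` module to generate uniform random passwords and compares how often characters repeat against a batch that never repeats. The 94-character alphabet, the length of 16, the function names and the no-repeat batch are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Assumed alphabet: the 94 printable ASCII letters, digits and symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def random_password(length=16):
    """Draw each character independently and uniformly from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def uniform_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a password whose characters are uniform and independent."""
    return length * math.log2(alphabet_size)

def expected_repeat_rate(length, alphabet_size=len(ALPHABET)):
    """Probability that a uniform random password repeats some character."""
    p_all_distinct = 1.0
    for i in range(length):
        p_all_distinct *= (alphabet_size - i) / alphabet_size
    return 1.0 - p_all_distinct

def observed_repeat_rate(passwords):
    """Fraction of a batch in which some character occurs more than once."""
    return sum(len(set(p)) < len(p) for p in passwords) / len(passwords)

def looks_non_uniform(passwords, tolerance=0.10):
    """Flag a batch whose repeat rate is far from the uniform expectation."""
    length = len(passwords[0])
    gap = abs(observed_repeat_rate(passwords) - expected_repeat_rate(length))
    return gap > tolerance

if __name__ == "__main__":
    csprng_batch = [random_password() for _ in range(2000)]
    # Constructed sample: 16-character passwords with no repeated character,
    # imitating the "no repetition" pattern (not real AI output).
    no_repeat_batch = [ALPHABET[i:i + 16] for i in range(50)]
    print(f"entropy of 16 uniform chars: {uniform_entropy_bits(16):.1f} bits")
    print(f"expected repeat rate:        {expected_repeat_rate(16):.2f}")
    print(f"CSPRNG batch repeat rate:    {observed_repeat_rate(csprng_batch):.2f}")
    print(f"CSPRNG batch flagged:        {looks_non_uniform(csprng_batch)}")
    print(f"no-repeat batch flagged:     {looks_non_uniform(no_repeat_batch)}")
```

Roughly three in four uniform random 16-character passwords contain a repeated character, so a generator that almost never repeats one is drawing from a smaller set than its length suggests. Passing this check does not prove a batch is random; the repeat rate is only one symptom of a biased generator.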
Even AI Tools Are Warning Users
Some newer AI systems have started warning users not to rely on generated passwords for sensitive accounts. That alone highlights the issue.
AI is excellent at creating content that appears convincing to humans, but that does not automatically make it suitable for cyber security tasks.

What You Should Use Instead
For secure passwords, a dedicated password manager remains the best option.
Password managers use cryptographic randomness, which relies on mathematical methods specifically designed to generate unpredictable results.
This produces passwords that are far more secure than those created through pattern-based AI systems.
Password managers also make it easier to:
- Create unique passwords for every account
- Store credentials securely
- Reduce the risk of password reuse
- Improve overall business security
AI Is Powerful, But It Has Limits
AI tools can save businesses time and improve productivity in many areas. However, not every task is suitable for AI-generated solutions.
When it comes to passwords and cyber security fundamentals, unpredictability matters more than convenience.
Using the right tools for the job is still the safest approach.
Need Help Improving Password Security?
If your business is reviewing password policies or considering a password manager, now is a good time to strengthen your approach.
Get in touch to find the right solution for keeping your accounts and data secure.