Let me start with a simple question:
If you needed a strong password, would you ask an AI to generate one for you?
It sounds completely reasonable.
After all, tools like ChatGPT and Copilot can write reports, draft emails, and even generate working code. Asking them for a 16-character password full of symbols, numbers, and mixed-case letters feels like a smart shortcut.
But this is one shortcut you might want to avoid.
The Illusion of Strength
Researchers recently put AI tools to the test by asking them to generate “secure” passwords.
At first glance, the results looked impressive:
- Long strings of characters
- A mix of uppercase, lowercase, numbers, and symbols
- High scores on online password strength checkers
Some password tools even claimed these AI-generated passwords would take centuries to crack.
Sounds reassuring, right?
Not quite.
The Hidden Problem: Predictability
When experts analyzed these passwords more deeply, a different story emerged.
AI systems are powered by Large Language Models (LLMs). These models are designed to predict the next piece of text based on patterns they’ve learned.
That makes them excellent at producing natural-looking content.
But here’s the catch:
They are not designed to produce true randomness.
And randomness is exactly what strong passwords depend on.
Patterns You Can’t See
When researchers examined dozens of AI-generated passwords, they noticed:
- Repeating patterns in structure
- Similar formatting across different passwords
- Even some duplicate passwords
An especially interesting finding:
👉 None of the passwords contained repeating characters.
At first, that might sound like a good thing.
But in truly random data, repetition is normal.
The absence of repetition suggests these passwords were shaped by learned rules—not generated unpredictably.
Why Entropy Matters
To measure password strength accurately, researchers use a metric called entropy.
Put simply, entropy measures how unpredictable something is.
- High entropy = harder to guess
- Low entropy = easier to crack
Despite looking complex, AI-generated passwords had significantly lower entropy than a truly random 16-character password.
That means:
They could be much easier to break using brute-force attacks.
Why Password Checkers Miss This
You might be wondering:
“Why did password strength tools rate them so highly?”
Because most password checkers only evaluate visible complexity, such as:
- Length
- Use of symbols
- Capitalization
- Numbers
They don’t detect hidden patterns or predictability, which is where AI-generated passwords fall short.
Even AI Says “Don’t Do This”
Interestingly, some newer AI models (like Gemini 3 Pro) have started warning users against relying on AI-generated passwords for sensitive accounts.
That alone should raise a red flag.
What You Should Do Instead
If you want genuinely secure passwords, the solution is simple:
👉 Use a password manager with a built-in password generator.
These tools rely on cryptographic randomness—a method specifically designed to produce unpredictable results.
That’s what makes passwords truly secure.
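To make the points about repetition, entropy, and cryptographic randomness concrete, here is an added example (not from the researchers or any password manager) that draws passwords from the operating system's CSPRNG and computes how often a truly random one reuses a character. It assumes a 94-character printable-ASCII alphabet and reads "repeating characters" as any character appearing more than once; the function names are illustrative.

```python
import math
import secrets
import string

# Assumed alphabet: the 94 printable ASCII letters, digits and punctuation marks.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=16, alphabet=ALPHABET):
    """Draw each character independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length=16, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def prob_no_repeated_char(length=16, alphabet_size=len(ALPHABET)):
    """Exact probability that a uniform password never uses a character twice."""
    p = 1.0
    for i in range(length):
        p *= (alphabet_size - i) / alphabet_size
    return p


def has_repeated_char(password):
    """True if any character occurs more than once (assumed meaning of 'repeating')."""
    return len(set(password)) < len(password)


def repeat_rate(samples=2000, length=16):
    """Fraction of freshly generated passwords that reuse some character."""
    hits = sum(has_repeated_char(generate_password(length)) for _ in range(samples))
    return hits / samples


if __name__ == "__main__":
    p = prob_no_repeated_char()
    batch = 50  # constructed batch size, chosen only for illustration
    print(f"entropy of a uniform 16-char password: {entropy_bits():.1f} bits")
    print(f"P(no repeated character) in one password: {p:.3f}")
    print(f"P(no repeats anywhere in {batch} passwords): {p ** batch:.2e}")
    print(f"observed repeat rate over 2000 samples: {repeat_rate():.3f}")
```

Roughly three out of four uniformly random 16-character passwords reuse at least one character, so a whole batch with no reuse at all is a sign of a generator following a rule, not drawing at random.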
Final Thoughts
AI is incredibly powerful. It can save time, boost productivity, and simplify complex tasks.
But when it comes to security fundamentals like passwords, it’s simply the wrong tool for the job.
When unpredictability matters, prediction engines aren’t your friend.
✅ If you’d like help choosing the right password manager for your business or team, get in touch. I’d be happy to help.