Don’t Use AI to Generate Business Passwords
Let’s start with a quick question: If you needed a strong password, would you turn to AI to create one?
At first glance, it seems like a sensible shortcut.
Tools such as ChatGPT and Copilot can draft emails, build reports, and even write snippets of code. Asking them for a complex 16-character password filled with symbols and numbers feels efficient and modern.
However, this is one area where AI may not be the best choice.
What researchers discovered
Security researchers recently put AI tools to the test by asking them to generate secure passwords.
- On the surface, the results looked impressive
- Passwords included a mix of uppercase and lowercase letters, numbers, and symbols
- Password strength checkers rated them highly
- Some tools even estimated they would take centuries to crack
But a deeper analysis revealed some concerning issues.
The problem with AI-generated passwords
AI tools are powered by large language models (LLMs). These systems are designed to predict likely sequences of text based on patterns they’ve learned.
That’s what makes them so effective at writing natural-sounding content.
But it also creates a problem:
- AI does not produce true randomness
- Strong passwords depend on randomness to be secure
When researchers analysed multiple AI-generated passwords:
- Patterns began to emerge
- Some passwords were duplicated
- Many followed similar structures
- None contained repeating characters
Interestingly, the lack of repeated characters is actually a warning sign. In genuinely random passwords, repetition happens naturally. Its absence suggests predictable rules are being applied.
Why this matters for your business
Researchers measured password “entropy”, which indicates how unpredictable a password is.
The findings showed:
- AI-generated passwords had significantly lower entropy
- They were more predictable than they appeared
- This makes them more vulnerable to brute-force attacks, where attackers rapidly test combinations
Another concern is that:
- Password strength tools only assess visible complexity
- They don’t detect underlying patterns created by AI
Even newer AI models have started warning users against relying on generated passwords for sensitive accounts.
What you should do instead
If your business wants genuinely secure passwords, the best approach is simple:
- Use a trusted password manager
- Enable its built-in password generator
- Ensure passwords are long, unique, and randomly generated
- Store credentials securely and avoid reuse across systems
These tools rely on cryptographic randomness – mathematical processes specifically designed to ensure unpredictability.
Final thought
AI is a powerful productivity tool and can add value across your business.
But when it comes to essential security measures like password creation, it’s not the right tool for the job.
Need help improving your business security?
If you’d like guidance on choosing the right password manager or strengthening your company’s IT security, get in touch with GZD. We’re here to help you implement practical, effective protections tailored to your business.
