Don’t trust AI with this security essential • Blisstech Solutions

Let me start with a question: If you needed a strong password, would you ask AI to generate one for you?

It sounds reasonable enough. 

Tools like ChatGPT and Copilot can write reports, draft emails and even create bits of code. Asking them for a 16-character password packed with symbols and numbers feels like a smart shortcut.

But you might want to rethink that. 

Researchers recently tested AI tools by asking them to generate secure passwords. 

On the surface, the results looked great. Long strings of mixed-case letters, numbers and symbols. 

When checked using online password strength meters, they scored highly. Some tools even suggested it would take centuries to crack them.

But when those passwords were analysed properly, a different picture emerged.

AI systems are powered by something called a large language model, or LLM. That means they’re trained to predict what text should come next. They’re brilliant at producing text that looks natural and plausible.

What they are not designed to do is create true randomness.

And strong passwords rely on randomness.

When researchers examined dozens of AI-generated passwords, they found repeating patterns. Some passwords were duplicates. Many followed very similar structures. 

Interestingly, none of them contained repeating characters. 

That might sound like a good thing, but real randomness often includes repetition. The absence of it suggests the password is following learned rules rather than being generated unpredictably.

The researchers measured something called “entropy”, which is a technical way of describing how unpredictable something is. 

AI-generated passwords scored far lower than a genuinely random 16-character password should. 

That means they could be much easier to crack using a brute-force attack, where attackers try huge numbers of combinations very quickly.

Online password checkers don’t catch this because they only look at visible complexity. 

They see symbols and numbers and assume it’s secure. They don’t account for the hidden patterns created by AI.

Even newer models like Gemini 3 Pro have issued warnings when asked to generate passwords, advising people not to rely on chat-generated credentials for sensitive accounts. 

That should tell you something.

If you want properly secure passwords, use a password manager with a built-in generator. 

These use cryptographic randomness, in other words, mathematical processes specifically designed to create unpredictable results.

AI is an excellent productivity tool. But when it comes to security essentials like passwords, it’s the wrong tool for the job.

If you’d like help choosing the right password manager for your business, get in touch. 

More Content

Do you really want your team to use this?

Do you really want your team to use this?

If someone on your team could buy something for work without ever visiting a website (or leaving their desk), would you know?
AI tools are changing how everyday work happens.
And now that even includes decisions that used to have checks and processes…

Is this the most dangerous phishing scam yet?

Is SubdoMailing the most dangerous phishing scam yet?

Bad news: Cyber criminals have yet another new phishing scam up their sleeves and it could be the most dangerous one yet. They’re using genuine subdomains that have been abandoned. We tell you how to stay safe.

AI is making phishing scams more dangerous

AI chatbots have taken the world by storm lately. But for all the fun they offer, criminals have been finding ways to use AI for more sinister purposes.

Copilot brings Microsoft and Google together

Copilot brings Microsoft and Google together

Have you ever found yourself wishing your Windows apps and your Google tools would work together?Microsoft has good news: Now they can.
And it’s all thanks to Copilot…

Which ransomware payment option is best? (Hint: none)

Which ransomware payment option is best? (Hint: none)

Cyber criminals are giving you more options when it comes to paying your way out of a ransomware attack. Our advice remains the same though. Find out what that advice is here.

Data loss? Save yourself a mighty headache

What would you do if all of your business data were lost? You might panic or stare at the screen in disbelief. However, if you're prepared, you'll have a safety net in place in the form of reliable and tested data backup. This means you can quickly restore your data...

Cut the Jargon! The top 3 things you should discuss with your IT partner

IT support involves technical tasks, and the language used in this field can be quite technical at times. Therefore, we have created a plain language guide that focuses on the three key areas you should discuss with your technology partner. Contact us if you want to...
At last: Sync passkeys across your devices

At last: Sync passkeys across your devices

Tired of juggling passwords and endless reset emails?
There’s a smarter, safer way to log in. Once again, Microsoft is about to make life a lot easier for you and your team.
No passwords. No lockouts. Just quick, secure access wherever you are…

Phishing – If you’re under pressure to take urgent action – stop and think

Phishing scams are one of the biggest security threats to your business right now and cybercriminals are always coming up with new phishing techniques. A massive 83% of organisations said they suffered successful attacks last year. And with just under a third of...

IT Managed Services for Financial Services

Over the last four decades, technology has significantly impacted how Financial Services operate. In the past, Financial Services businesses, such as IFAs and accountants, had to track financial data manually. Today, they can use software to automate many of these...
Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05