Don't trust AI to come up with a strong new password for you — LLMs are pretty poor at creating new logins, experts warn
Summary
AI-generated passwords may seem intricate but often adhere to predictable patterns, which diminishes their complexity and heightens the risk of brute force attacks. This insight highlights the need for stronger password security measures in the digital landscape.
Key Insights
Why do AI-generated passwords appear strong but are actually weak?
AI-generated passwords seem intricate due to length and mix of characters, but they follow predictable patterns from training data, such as starting with 'vQ', resulting in low entropy (around 27 bits vs. 98 bits for a secure 16-character password), making them vulnerable to brute-force attacks in seconds rather than billions of years.
What is entropy in passwords, and why does it matter for security?
Entropy measures the randomness and number of possible combinations in a password; high entropy (e.g., 98 bits for a truly random 16-character password) makes cracking computationally infeasible, while AI passwords have low entropy (e.g., 27 bits) due to statistical predictions, allowing quick cracking with standard computers.