TL;DR: AI tools like ChatGPT can't generate truly random passwords — they follow hidden patterns that make them weaker than they appear. For genuinely secure passwords, always use a dedicated password manager with a built-in cryptographic generator.
________________________
Why You Shouldn't Use AI to Generate Your Passwords
Here's a question worth sitting with: when you need a strong password, is AI the first place you turn?
It's an understandable instinct. AI tools have become genuinely useful for all sorts of everyday tasks — drafting communications, summarising documents, helping with code. So asking for a 16-character password full of symbols and numbers feels like a perfectly sensible shortcut.
The problem is, it isn't.
What the research actually shows
Security researchers recently put a range of popular AI tools through their paces, specifically asking them to produce secure passwords. At first glance, the output looked convincing — long strings mixing upper and lower case letters, numbers, and symbols, the kind of thing that ticks all the boxes visually.
Password strength checkers agreed. Some even estimated these credentials would take centuries to brute-force.
But a deeper analysis told a very different story.
The randomness problem
AI tools are built on large language models — systems trained to predict what text should logically follow other text. They're extraordinarily good at producing output that looks plausible and natural.
What they aren't built to do is generate true randomness. And genuine randomness is the foundation of password security.
When researchers examined the passwords in detail, they found repeating structural patterns and, in some cases, outright duplicates across different outputs. Interestingly, none of the AI-generated passwords contained repeated characters — which might initially sound like a positive, but is actually a red flag. True randomness produces repeated characters fairly regularly. Their absence points to the AI following learned rules rather than generating genuinely unpredictable output.
The researchers measured this using entropy — the technical term for unpredictability. AI-generated passwords scored significantly lower than a properly random 16-character password should. That gap translates directly into vulnerability: passwords with lower entropy are far more susceptible to brute-force attacks, where automated tools rapidly cycle through vast numbers of possible combinations.
Standard online password checkers won't flag this. They assess visible complexity — symbols, mixed case, length — and give a green light. They have no way of detecting the structural patterns baked in by an AI system.
It's worth noting that even newer AI models are starting to acknowledge this limitation themselves. Some have begun issuing unprompted warnings when asked to generate passwords, advising users not to rely on AI-generated credentials for sensitive accounts.
When the tools themselves are telling you to look elsewhere, that's a fairly clear signal.
What to use instead
For passwords that are genuinely secure, use a dedicated password manager with a built-in password generator. These tools use cryptographic randomness — mathematical processes specifically designed to produce unpredictable output — rather than pattern-based prediction.
AI is a powerful productivity tool, and there's plenty it does well. Password generation just isn't one of them.
If you'd like guidance on choosing the right password manager for your business, the team at Pro-Networks would be happy to help. We work with businesses across Chester, Cheshire, Wrexham, North Wales, Warrington, the Wirral and the wider North West — get in touch here.