Artificial intelligence is making our lives easier in many ways: writing texts, summarizing documents, planning tasks... So far, so good. But there is something very important that we should not leave in the hands of a chatbot: our passwords.
As convenient as it may sound, letting an AI choose your password can be costly. Recent studies show that the passwords generated by these systems are not as secure as they seem. They tend to follow certain patterns that, although at first glance seem unique or complex, can be identified by programs designed to decipher them. In other words, they are not as random as one would think.
And that's a big problem, because passwords are basically the lock on our digital lives. They protect everything from our social networks to our bank accounts. Relying on an AI for something so sensitive is risky. The funny thing is that more and more people are doing it without knowing the risks. Therefore, in this article we are going to explain why this practice is not at all advisable, what dangers it may involve and, above all, what to do to create really secure passwords without complicating your life.
Why isn't it a good idea to ask artificial intelligence to create your secure passwords?
Maybe models like ChatGPT, LLaMA or DeepSeek know the theory by heart: a good password should have at least 12 characters, mix uppercase, lowercase, numbers and symbols. But it's one thing to know it and quite another to apply it well. And that's where the problems begin.
In practice, these AIs tend to fall into repeating patterns. It's not that they generate passwords completely at random, but that they use combinations that follow certain “language rules”. For example, LLaMA and DeepSeek often use dictionary words with small changes, such as replacing letters with symbols that resemble them.
You've probably seen things like B@n@n@7 or S1mP1eL1on. They look creative, but they're not that creative. In fact, these types of passwords are quite easy for hacker tools to crack, especially those that apply brute force attacks or mass testing of known combinations.
The most worrying thing is that many times these AIs fall into the usual trap: using variations of the most obvious word of all, “Password”. So they end up generating passwords such as P@ssw0rd, P@ssw0rd!23 or P@ssw0rdV, which, although they seem to be “disguised”, are among the first ones that attackers try because they are too common.
ChatGPT, however, seems to do a bit better. Its passwords may look more elaborate, with combinations like qLUx@^9Wpp#YZ or YLU@x#Wp9q^Z. But if you analyze them calmly, you notice that there are patterns: he repeats letters like “W”, “p”, “x”, ‘L’ and numbers like “9” in different places. That constant repetition can also become a weakness.
The big problem is that these AIs do not generate passwords with true randomness. What they do is reproduce learned patterns of language, and that makes them predictable. And what happens when something can be predicted? Someone can anticipate and break the password.
And the most ironic thing of all is that those same models can be used by cybercriminals to train themselves and anticipate the combinations that other users ask the AI to make. In short: if one AI can invent them, another AI can guess them.
So, while it may seem practical or clever, asking an AI model to create your password is not at all advisable. Not because it can't do it, but because it doesn't do it well. And in security matters, that can make all the difference.
Read more: Microsoft Authenticator Will No Longer Be a Password Manager
How were weaknesses in AI-generated passwords discovered?
To see how secure the AI-generated passwords were, Kaspersky researchers analyzed about 3,000 passwords generated by different models. And the results were not encouraging: 88% of DeepSeek's, 87% of LLaMA's and 33% of ChatGPT's were too weak to withstand a successful attack.
Although many looked complicated at first glance, in practice they didn't measure up. Most shared patterns or were missing key elements that make a password stronger.
One of the most common failures was the absence of special characters or numbers. No weird symbols, nothing that would really add to the difficulty. Specifically, 26% of ChatGPT's, 32% of LLaMA's and 29% of DeepSeek's passwords did not include a single one. That makes them much easier to guess with programs that try combinations until they get it right.
With how easy it is today for a password to be leaked or for someone to try to get in where they shouldn't, using weak passwords (and AI-generated ones at that) is a gamble to lose. These models are not yet ready to offer us the level of security we need.
How to create really secure passwords?
Although technology has come a long way, when it comes to creating secure passwords, experts recommend not leaving that task to artificial intelligence. Why? Because it is still not reliable enough and can end up generating passwords that are not as secure as they seem.
The best thing you can do is to use a password manager. These are applications designed to generate strong (real) passwords and store them for you. This way you don't have to go around inventing weird passwords or memorizing each one.
These managers store all your passwords in a sort of “digital safe”, protected by a single master password (that one you do have to remember). Everything else is stored securely.
They also have useful functions: they automatically fill in your data when you log in, synchronize between your devices, and even warn you if one of your passwords has been leaked in a security breach. In short: they make your life easier and protect you properly. Much better than relying on an AI that still isn't clear on how to make a password truly secure.