At a glance, the passwords the LLMs created looked secure, much like those that a password generator might spit out. But that’s exactly where the problems arose: Although the AI-generated passwords appeared to be complex and safe to use for securing online accounts, they were actually quite predictable upon closer inspection.
All three LLMs exhibited clearly identifiable patterns in how they created these passwords. These patterns included repeated character strings, predictable password structure, frequent reuse of similar characters, clear biases toward certain numbers and letters, and even duplicate passwords in some cases. Although the AI-generated passwords looked random, they really weren’t. This could easily create a false sense of security if you were to use these predictable passwords for your online accounts.
if only there existed a better way to generate passwords
Why would anyone… Who the fuck is using glorified autocomplete to generate a random unique password?
Anyone that stupid deserves the breach and any company that integrates that moronic idea deserves the blowback.
It takes a five line Python script to generate a secure password. But no, let’s waste a gigantic amount of energy to have a slop machine do it very badly.
Bet I can do it in less
import random password_length=10 letters = "abcdefghijklmnopqrstuvwxyz0123456789-&@$?!*#%" print(''.join(random.sample(letters+letters+letters.upper()+letters.upper(), password_length)))If you inline password_length and letters, you can bring it down to 2 lines
Sure. The five lines are just for readability.
golfing is fun! I do everything in a single line
Python is really good for golfing. The flexible types are ripe for abuse.
print(["fizzbuzz"[n%3and 4:8-(n%5and 4)]or n for n in range(1,101)])
print(''.join(__import__('random').sample(etc...for one-lining it :)
Even less lines if you’re ok with it generating the same secure password every time
AI generated password
… I’m sorry, what just happened? I think I had a mini aneurysm. Let me read that ag…
In all seriousness, WTAF is wrong with people? What removed Baphomet wannabe came up with that negative IQ idea? SERIOUSLY… WTF IS WRONG WITH PEOPLE. ARGH!
Here I am giving security training to my coworkers and then I have to read this. This is like me spending a life long sifting through all my garbage to make sure everything is nicely separated for recycling, using the bike to go anywhere, to make sure my carbon footprint is as small as possible and over flies Taylor Swift in her private jet undoing my life’s work in a single fucking trip.
Seriously this gives me a headache
I watched someone in a YouTube video ask ChatGPT to add up some numbers for them, despite having a calculator on their phone. The sheer laziness at the expense of someone else’s energy was impressive. And don’t even get me started on the accuracy.
why. dafuq. would someone use an llm to make a password.
Because the techbros are pushing AI (really LLMs, but that is too many letters) for everything to justify their insane stock valuations
AI generated password? What kind of brain rot idea is that, god damn. Do these people need to ask AI to breathe for them?
I can also generate a password for them while running 50 toasters and flushing the toilet a bunch if they want.
Wait … Wat? Why would you even…
Just noticing: there’s 0 evidence in article that anyone is doing this. I just don’t buy that this is happening enough to matter. Interesting as interpretability research at best
There’s actually lots of evidence of people using AI to generate GUIDs that are infact not globally unique.
Source appreciated? Was this inside the research paper?
I’ve seen it personally at work where the AI generates its own metadata files containing uuids that it made up, and they end up being duplicates from elsewhere in the project. Unfortunately I can’t really share links.
I’m sure you could find examples in GitHub issues
Edit: I had an honest look, and can’t seem to find anything that isn’t AI slop in web searches anymore… GUIDs aren’t exactly the most common thing in the first place, so maybe I overstated how common this is.
Np, search is getting terrible. Thanks for looking!
Is there a link to the actual study?
I am constantly impressed with the level of general idiocy of end users when it comes to stuff like this…
“here’s what to use instead”
…the same thing we always have been? Keepass or other password managers with randomly generated passwords?
which dumbass lets LLMs generate their passwords?
Literally anyone who vibecoded a project. Projects need secrets.
If someone I knew told me they asked an LLM to generate their password, I would no longer talk to that person.
Alright then, Tobis, it was fun speaking to you 👍
What do you mean. Why would it be a problem that my password is the most statistically likely sequence of characters in the world? And that the password is stored in plaintext in a chat log? And used for training LLMs on password conversations?
I just set my password to hunter2, no one will ever figure it out.
I just use the same combination that I have on my luggage
1234?
0000!
What is that? All I see is *******.
Let me test that
JsfJhdYhb57’j4++€€djF
Shit 😩
Don’t put a quote mark in your password! I learned the hard way with password’drop table users;’
/S
Wait, was this because you too had a student named “Robert’); DROP TABLE users;–”?
What are some strings I could add to my passwords to hopefully prevent their darknet spread just a little bit?
Little Bobby Tables
An oldie but a goodie
Me! Me! Me!
dumbass
That was uncalled for 😞
My brother you can literally slam your face on the keyboard to get a password. Why would you ask an llm’ to do it for you?
I’m pretty sure there’s an algorithm somewhere to solve for face to keyboard password generation.
Let me ask
ChatGPTClaude
LLMs are predictive text machines. Focus on “predictive”. Of course they will not output random text.
Note: not fully deterministic though - they need (pseudo)randomness at few critical points to be good
AI is a scam bruh… snap snap wake up unit 242… clap AI clap IS clap A clap BUZZWORD… like the biggest techbro scam yet. It will be ok you are just watching the boat sink as the economy shrinks like ol donald dumpy dick. You better tell him he is pretty or he will end the world. Waymo admits that its autopilot is often just guys from the Philippines
**Crapitalism tricked your arse again. **
