Many tech users today tend to use AI chatbots to generate random passwords to secure their accounts. However, a newly published study has issued a stern warning that AI-generated passwords are actually far less secure than we might think. Relying on artificial intelligence for this security task could inadvertently open the door for cyberattacks to occur more easily.
Detailed Developments
According to a report from ZDNet, security researchers conducted tests on the ability of popular large language models today to generate random character strings. The results showed that instead of creating highly chaotic and unpredictable strings, AI chatbots tend to repeat certain mathematical and linguistic patterns. This makes passwords generated by AI much easier to crack by specialized password-cracking tools in a shorter time compared to truly random passwords.
Technical & Technology Analysis
The nature of AI models (LLMs) is to operate based on probabilities and pre-trained data. When asked to generate a random string, the AI's algorithm is still influenced by probability distributions from the training dataset, leading to a lack of "entropy randomness" (true randomness). Certain characters, words, or numerical structures still appear with higher frequency than usual. In contrast, traditional password managers use cryptographically secure pseudorandom number generators (CSPRNG) to ensure that every character has an entirely independent probability of appearing.
Expert Opinions & Assessments
Cybersecurity experts advise users absolutely not to trust the password generation capabilities of commercial chatbots. Artificial intelligence is designed to produce logical and human-readable text, which is completely contrary to the principle of a strong password—it must be extremely chaotic and patternless. The market already has plenty of specialized and safer password management tools to handle this role.
Impact & Future
This study serves as a wake-up call for the Vietnamese tech community, where the adoption rate of AI for daily tasks is rising rapidly. In the future, as hackers' AI-driven attack techniques become increasingly sophisticated, understanding the limitations of AI in security is extremely crucial. Readers should return to traditional password generation methods or use built-in password managers on operating systems instead of fully relying on chatbots.