You asked AI for a password. That's adorable.

AI can write your emails, summarise your meetings, and explain why your printer hates you.

So asking it for a strong password seems perfectly reasonable.

It isn't.

Researchers tested a bunch of AI tools on exactly this. The passwords looked great — long, messy, full of symbols. Online strength checkers gave them top marks. "Centuries to crack," some said.

Then someone actually analysed them properly.

Turns out AI doesn't do randomness. It does plausible. It's trained to predict what text should come next, which makes it brilliant at writing things that look right. Strong passwords don't need to look right. They need to be genuinely unpredictable.

When researchers dug into the results, they found duplicate passwords, repeating structures, and a suspicious absence of repeated characters. Real randomness includes repetition. The fact that none of these did suggests the AI was following learned rules — not rolling the dice.

The technical term is entropy. AI-generated passwords had far less of it than they should. Which means far easier to crack than the password checker suggested.

Online strength meters only see what's on the surface. Symbols and capitals? Looks secure. Hidden patterns baked in by a language model? Totally missed.

Even Google's Gemini has started warning users not to rely on AI-generated passwords for sensitive accounts.

Make of that what you will.

For passwords that are actually secure, use a password manager with a built-in generator. These use cryptographic randomness — mathematical processes designed specifically to be unpredictable. Not vibes. Maths.

AI is a brilliant tool. Just not for this.

Want help picking the right password manager for your business? Give us a shout.