By Vicky Sidler | Published 26 February 2026 at 12:00 GMT+2

If you have ever asked ChatGPT to “give me a strong password” and felt oddly pleased with yourself, this is your cue to pause and quietly change it.

According to reporting by Sky News, based on research from AI cybersecurity firm Irregular, passwords generated by major AI tools are not as secure as they look. In fact, they are often predictable enough that even older computers can crack them far faster than anyone would like to admit.

The short version is simple. If an AI created your password, it may be time for a new one.

This comes after leading models, including ChatGPT, Claude, and Gemini, were tested. All three produced repeated patterns and, in some cases, identical passwords across multiple attempts. That is not random. That is a pattern wearing a disguise.

TL;DR:

• AI tools do not generate passwords randomly

• They repeat patterns from their training data

• Some AI-generated passwords were reused multiple times

• Hackers use automated tools that thrive on predictable patterns

• The fix is simple. Use a proper password manager or passkeys instead

Need help getting your message right? Download the 5-Minute Marketing Fix.

Table of Contents:

The problem sounds technical, but it is surprisingly easy to understand once you strip away the jargon.

A strong password should be random. Truly random. That means there is no pattern a computer can recognize. Specialist tools like Apple Password Manager, Google Password Manager, 1Password, and LastPass use secure random generators. In plain English, they create combinations that are not based on previous examples. They are mathematically unpredictable.

Large language models, on the other hand, do not work that way.

Why AI Passwords Look Strong but Are Not:

AI tools are trained to predict what comes next in a sequence of text. They are brilliant at producing something that looks right. They are not designed to create true randomness.

So when you ask for a “strong password,” the model gives you something that resembles what strong passwords tend to look like. A capital letter here. A number there. A symbol placed strategically in the middle. It feels secure because it ticks the visual boxes.

But research from Irregular showed those passwords followed repeatable patterns. In one test, 50 passwords generated by Claude produced only 23 unique results. One password appeared 10 times. That is less “cyber fortress” and more “copy and paste with enthusiasm.”

Online password checkers even rated these AI passwords as extremely strong, with some claiming they would take millions of trillions of years to crack. The catch is those tools do not know the pattern behind the scenes. They judge the length and the mix of characters, not whether the password is part of a predictable family tree.

According to Irregular co-founder Dan Lahav, if you are relying on AI-generated passwords, even older computers could crack them in a relatively short time because attackers use automated guessing tools that look specifically for patterns.

And cybercriminals love patterns.

Why This Matters for Small Business Owners:

You might be thinking, “I only used AI for one or two accounts.” That may be true. But small businesses often manage dozens of logins. Email. Accounting software. CRM systems. Payment gateways. Website hosting. Social media. Each one is a potential entry point.

If just one password is weak, it can expose client data, invoices, or private communication. That is not just inconvenient. It can damage trust, and trust is expensive to rebuild.

There is another twist. Developers are increasingly using AI to write code. Irregular found fragments of recognizable AI-generated passwords in public code repositories. In some cases, these appeared in what looked like real services. That means some businesses may be exposed without even realizing an AI-generated password was inserted somewhere along the line.

In marketing we talk about clarity all the time. In cybersecurity, clarity looks like this. If you do not know exactly how something was generated, do not assume it is safe.

The Simple Fix:

The reassuring part is that this sits in the category of avoidable, high impact when it goes wrong.

The fix is straightforward.

First, use a dedicated password manager. These tools generate and store passwords securely using true randomness. You do not have to memorize anything except one master password.

Second, consider passkeys where possible. Passkeys use biometric authentication such as fingerprint or face ID instead of traditional passwords. They are both stronger and easier to use, which is rare in technology.

If neither is an option, choose a long, memorable phrase that only makes sense to you. Not a quote from a movie. Not your dog’s name with a number. Something personal and layered. Length matters more than complexity.

And whatever you do, do not ask an AI to improvise.

A Marketing Lesson Hidden in a Password Story:

There is a broader lesson here for business owners who love efficiency. AI is an excellent assistant. It can draft emails, brainstorm ideas, and simplify explanations. But it is not designed for every task.

Just because something sounds confident does not mean it is correct.

The same applies to your marketing. Many businesses use language that looks impressive but follows predictable patterns. Words like "innovative," "cutting edge," and "customer centric." They appear strong. They feel polished. Yet they blend into a sea of sameness.

As a StoryBrand Certified Guide and Duct Tape Marketing Consultant, I see this daily. Real strength is not about looking complex. It is about being clear and deliberate. Whether that is your password or your positioning.

If you want to tighten up your message so clients understand exactly what you do and why it matters, start with one clear sentence.

Download the free 5-Minute Marketing Fix. It will help you clarify your message without relying on guesswork, patterns, or borrowed language that only looks strong from a distance.

👉 Download it free here.

Related Articles:

1. Small Businesses Are Being Targeted—Here’s What Cybersecurity Stats Say in 2025

If the password issue feels like one small crack in the wall, this article shows the whole building. It breaks down current attack statistics and gives a practical action plan so you can strengthen more than just your logins.

2. South Africa's 2025 Data Breach Count Hits 369k—Are You Next?

Real breach numbers make abstract risk feel very concrete. This piece shows how often accounts are actually exposed and reinforces why regular password updates and proper managers are non negotiable.

3. Microsoft Takes Down Phishing Sites in $100K Scam

Predictable passwords are one problem. Phishing is another. This article explains how criminals trick people into handing over even strong credentials and why staff awareness matters just as much as technical tools.

4. Small Businesses Hit by AI Fraud Surge

Here you will see how attackers use AI themselves, targeting invoices, payments, and customer data. It connects the dots between convenience driven AI use and the growing fraud risk facing small firms.

5. Google Gemini Can Now Browse For You. Should You Let It?

If AI should not be trusted to generate your passwords, should it be logging into your accounts on your behalf? This article explores where smart delegation ends and security risk begins.

Frequently Asked Questions About AI Generated Passwords

1. Are AI generated passwords safe to use?

Not reliably. AI tools create passwords based on patterns they have learned from existing text, not true randomness. That means the passwords may look strong but can still follow predictable structures that automated hacking tools can guess.

2. Why do AI tools create predictable passwords?

Large language models are built to predict what comes next in a sequence of text. When you ask for a password, they generate something that resembles a strong password rather than something mathematically random. It is imitation, not true randomness.

3. How can hackers crack AI generated passwords so quickly?

Cybercriminals use automated tools that test millions of combinations per second. If passwords follow common patterns, those tools can narrow down the possibilities and guess them much faster than if the password were truly random.

4. Do online password strength checkers detect this problem?

Usually not. Most password checkers look at length and character variety. They do not analyse whether the password is part of a predictable pattern used repeatedly by an AI model.

5. What is the safest way to create strong passwords for my business?

Use a reputable password manager such as Apple Password Manager, Google Password Manager, 1Password, or LastPass. These tools generate passwords using secure random number generators and store them safely so you do not have to remember each one.

6. Should small businesses switch to passkeys instead of passwords?

Where possible, yes. Passkeys use biometrics like fingerprint or face recognition and are generally safer and easier to manage. They reduce the risk of stolen or guessed passwords.

7. What should I do if I already used AI to generate passwords?

Change them as soon as possible, especially for email, banking, payment systems, and any account that stores client data. Replace them with passwords created by a proper password manager.

8. Is it okay to use AI for other security tasks?

AI can help explain security concepts in plain English or summarise technical guidance. It should not be used to generate passwords or make final security decisions that protect sensitive business information.

9. Are long phrases better than complex short passwords?

Yes. A long, memorable phrase that only makes sense to you is usually stronger than a short password with random symbols. Length increases the number of possible combinations, which makes it harder to crack.

10. How often should I update my business passwords?

Review and update critical passwords regularly, especially after staff changes, suspected breaches, or major system updates. Using a password manager makes this process far easier and more consistent