New research from Irregular finds that LLMs like Claude, GPT, and Gemini generate visually complex but highly predictable passwords. In 50 prompts, Claude Opus 4.6 produced only 30 unique passwords and repeated one 16-character string 18 times. Effective entropy estimates drop from ~98 bits to roughly 20–27 bits, enabling million-guess attacks, with real-world exposures on GitHub.
Key Points
- Demonstrates that LLMs generate repeated, biased passwords: 50 prompts yielded 30 unique passwords, one of them repeated 18 times.
- Shows effective entropy collapsing from ~98 bits to roughly 20–27 bits, enabling million-guess attacks.
- Recommends using CSPRNG-backed password managers and rotating any LLM-generated secrets found in code.
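The repetition in the first key point can be measured directly on a batch of generated secrets. The following is an added example, not code from Irregular's research: it compares a constructed batch with the reported shape (50 outputs, 30 unique, one value 18 times) against a batch drawn from Python's `secrets` CSPRNG. The 94-symbol alphabet, the placeholder strings, and all function names are assumptions.

```python
import math
import secrets
import string
from collections import Counter

# Assumption: 94 printable ASCII symbols; the alphabet behind the ~98-bit figure is not given.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def nominal_bits(length, alphabet_size):
    """Entropy if each character were drawn uniformly and independently."""
    return length * math.log2(alphabet_size)

def min_entropy_bits(samples):
    """-log2 of the most frequent value's share: the cost of an attacker's best first guess."""
    top_count = Counter(samples).most_common(1)[0][1]
    return -math.log2(top_count / len(samples))

def repetition_report(samples):
    """Summarise a batch; 'ceiling' is the most min-entropy n samples can ever show."""
    return {
        "n": len(samples),
        "unique": len(set(samples)),
        "min_entropy": min_entropy_bits(samples),
        "ceiling": math.log2(len(samples)),
    }

def csprng_password(length=16):
    """Draw each character from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def constructed_llm_batch():
    """Constructed stand-in with the reported shape: 50 outputs, 30 unique, one seen 18 times."""
    others = [f"placeholder-{i:02d}" for i in range(29)]
    return ["placeholder-repeated"] * 18 + others + others[:3]

if __name__ == "__main__":
    print("nominal bits (16 chars):", round(nominal_bits(16, len(ALPHABET)), 1))
    print("LLM-shaped batch:", repetition_report(constructed_llm_batch()))
    print("CSPRNG batch:    ", repetition_report([csprng_password() for _ in range(50)]))
```

A batch of n samples can show at most log2(n) bits, so this check flags gross repetition; a batch that reaches the ceiling is not thereby proven strong.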
Scoring Rationale
Strong empirical findings on LLM password weakness; limited by single-source reporting and non-peer-reviewed analysis overall.
