61
LLM-generated passwords 'fundamentally weak,' experts say (www.theregister.com)
submitted 1 day ago by fox@hexbear.net to c/chapotraphouse@hexbear.net
26 comments fedilink hide all child comments

The way LLMs work is by approaching the most "average" response given any particular input. It's why everything written by an LLM looks similar and always has the same voice.

Anyways, shockingly, the Machine That Generates the Average Output is bad at unique passwords.

Of the 50 returned, only 30 were unique (20 duplicates, 18 of which were the exact same string), and the vast majority started and ended with the same characters.

Imagine that an LLM tries to fit its outputs into a bell curve of potential responses, with each character in the output aimed to be as close to the middle as feasible (with a small randomization factor so it's not always the exact same). A good password's bell curve ought to be a completely flat graph where any character is just as likely to be chosen as any other character.

Use a password manager.

you are viewing a single comment's thread
view the rest of the comments
[-] ClathrateG@hexbear.net 13 points 1 day ago

Use a password manager.

Yes but also be aware of https://www.theregister.com/2026/02/16/password_managers/

[-] bobs_guns@lemmygrad.ml 12 points 1 day ago

Can't believe these were marketed as zero knowledge. If a server knows the ciphertext or even the size of the ciphertext that is not zero knowledge, by definition.

[-] Collatz_problem@hexbear.net 15 points 1 day ago

My password manager is a piece of paper hidden in one of my books.

[-] WokePalpatine@hexbear.net 9 points 1 day ago

The more digitally-dependant society becomes, the more analog methods become secure. Like, most old people in the imperial core are getting defrauded online, not because they have a notebook by the computer with their passwords written down.

[-] Belly_Beanis@hexbear.net 14 points 1 day ago

I never understood the logic about not writing down passwords in your own home. If somebody can steal my passwords, I have a far more serious problem.

[-] chgxvjh@hexbear.net 7 points 1 day ago

Just don't put it up on the pinwall in front of your webcam.

[-] Damarcusart@hexbear.net 2 points 19 hours ago* (last edited 19 hours ago)

My handwriting looks like a very drunk chimpanzee's. I can barely tell what I wrote an hour after I wrote it, let alone 6 months later when I'm trying to work out a password.

[-] ChaosMaterialist@hexbear.net 5 points 23 hours ago

It's the kind of advice against a post-it note on your monitor (especially in a shared place like an office) but often gets over applied to all paper backups. I keep backup access to my password manager in a paper envelope with other important documents just in case.

this post was submitted on 18 Feb 2026
61 points (100.0% liked)

Chapotraphouse

14279 readers
643 users here now

Banned? DM Wmill to appeal.

No anti-nautilism posts. See: Eco-fascism Primer

Slop posts go in c/slop. Don't post low-hanging fruit here.

founded 5 years ago
MODERATORS
LENINSGHOSTFACEKILLA@hexbear.net
corgiwithalaptop@hexbear.net
a_little_red_rat@hexbear.net
khizuo@hexbear.net
thelastaxolotl@hexbear.net
CoolerOpposide@hexbear.net