12/05/2025

LYFE MONDAY | MAY 12, 2025


Risks of AI-generated passwords

Experts urge people to use dedicated credential management software instead

HOW many passwords do you have? It could be more than you think. Most online services and apps require the user to create a password.

Chances are many of those passwords are not being used daily and due to this overabundance, there is a high probability that many of the passwords are being reused. Poor password management is compounded by a reliance on common combinations of names, dictionary words and numerals. Not only are these passwords relatively easy to decipher, but if a cybercriminal gains access to a password on one site, that could result in access to a plethora of other sites.

People are urged to create unique, random passwords to counter the vulnerability posed by using the same password multiple times. However, password creation and management can be an arduous task. To tackle the burden of password creation and management, people might be tempted to use artificial intelligence (AI) or large language models (LLMs) such as ChatGPT, Llama or DeepSeek to generate their passwords.

The appeal is clear. Rather than struggling to come up with a strong password, users can simply ask AI to “Generate a secure password” and get an instant result. AI produces strings that look random, which helps avoid the human tendency to create predictable, dictionary-based passwords, but appearances can be deceptive, as AI-generated passwords may not be as secure as they appear.

Tried, tested

Kaspersky data science team lead Alexey Antonov tested this by generating 1,000 passwords using prominent and trusted LLMs, such as OpenAI’s ChatGPT, Meta’s Llama and DeepSeek from China.

“All of the models are aware that a good password consists of at least 12 characters, including uppercase and lowercase letters, numbers and symbols. They report this when generating passwords.

“DeepSeek and Llama sometimes generated passwords consisting of dictionary words, in which instead of some letters there are numbers of similar shape: S@d0w12, M@n@go3, B@n@n@7 (DeepSeek), K5yB0a8dS8, S1mP1eL1on (Llama),” said Antonov.

Antonov further discovered that both models like to generate the password “password”, such as P@ssw0rd, P@ssw0rd!23 (DeepSeek), P@ssw0rd1, P@ssw0rdV (Llama). “Needless to say, such passwords are not safe,” he added.

The trick with substituting letters is known and is not difficult to “brute force”. ChatGPT does not suffer from this problem and generates passwords that look like random ones. For example: qLUx@^9Wp#YZ, LU#@^9WpYqxZ, YLU@x#Wp9q^Z, Ylp^9W#qX@zv, P@zq^XWLY#v9, v#@LqYXW^9pz and X@9pYWq^#Lzv.

However, there is still a pattern, such as how the number nine is often encountered. An ideal random generator would not prefer any letter. All symbols must appear approximately the same number of times. Also, the algorithms often neglected to insert a special character or digits into the password: in 26% of passwords for ChatGPT, 32% for Llama and 29% for DeepSeek. Meanwhile, DeepSeek and Llama sometimes generated passwords shorter than 12 characters.

Knowing these dependencies, cyber criminals can significantly speed up password brute force. Rather than trying in order “aaa”, “aab”, “aac”, “aba”, “abb”, “abc” to “zzz”, they could start with frequent combinations.

Adopt more secure password management

Rather than relying on AI, users should adopt dedicated password management software, as it uses cryptographically secure generators to create passwords with no detectable patterns, ensuring true randomness. Second, all credentials are stored in a secure vault, protected by a single master password. This eliminates the need to remember hundreds of passwords while keeping them safe from breaches.

Additionally, password managers provide auto-fill and synchronisation across devices, streamlining logins without compromising security. Many also include breach monitoring, alerting users if their credentials appear in a data leak.

While AI can assist with many tasks, password generation is not one of them. The patterns and predictability of LLM-created passwords make them vulnerable to cracking. Instead of taking shortcuts, invest in a reputable password manager, which forms the first line of defence against cyber threats. In an era where data breaches are rampant, a strong, unique password for every account is non-negotiable.

Since data breaches are rampant, a strong, unique password for every account is non-negotiable. – 123RFPIC

Frequency of characters used in passwords generated by ChatGPT.

Frequency of characters used in passwords generated by Llama.

Frequency of characters used in passwords generated by DeepSeek.
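The checks described in the article (character frequency, missing character classes, length under 12) can be run over any batch of generated passwords. The following is an added example, not code from the article or from Kaspersky: it audits the passwords quoted above next to a batch drawn from Python's `secrets` module. The 70-character alphabet and the function names are assumptions, and the quoted samples are far smaller than the 1,000 passwords Antonov tested, so the output illustrates the method rather than reproducing his figures.

```python
import math
import secrets
import string
from collections import Counter

# Assumed alphabet for this example: letters, digits and eight symbols (70 characters).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"

# Passwords quoted in the article (seven from ChatGPT, nine from DeepSeek and Llama).
CHATGPT = ["qLUx@^9Wp#YZ", "LU#@^9WpYqxZ", "YLU@x#Wp9q^Z", "Ylp^9W#qX@zv",
           "P@zq^XWLY#v9", "v#@LqYXW^9pz", "X@9pYWq^#Lzv"]
DEEPSEEK_LLAMA = ["S@d0w12", "M@n@go3", "B@n@n@7", "K5yB0a8dS8", "S1mP1eL1on",
                  "P@ssw0rd", "P@ssw0rd!23", "P@ssw0rd1", "P@ssw0rdV"]


def generate(length=16):
    """Pick each character independently from the OS CSPRNG via secrets."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit(passwords, min_len=12):
    """Report the weaknesses the article describes for a batch of passwords."""
    counts = Counter("".join(passwords))
    total = sum(counts.values())
    # Shannon entropy of the observed character distribution, in bits per character.
    entropy = -sum(n / total * math.log2(n / total) for n in counts.values())
    return {
        "distinct_chars": len(counts),
        "bits_per_char": round(entropy, 2),
        # Characters present in every password of the batch, like the "9" the article notes.
        "in_every_password": sorted(c for c in counts if all(c in p for p in passwords)),
        "too_short": sum(len(p) < min_len for p in passwords),
        "no_digit": sum(not any(c.isdigit() for c in p) for p in passwords),
        "no_symbol": sum(all(c.isalnum() for c in p) for p in passwords),
    }


if __name__ == "__main__":
    baseline = [generate(12) for _ in CHATGPT]  # same batch size, for a fair comparison
    for name, batch in [("ChatGPT", CHATGPT), ("DeepSeek/Llama", DEEPSEEK_LLAMA),
                        ("secrets", baseline)]:
        print(f"{name:15}", audit(batch))
```

The seven ChatGPT samples draw on only 17 distinct characters, seven of which appear in every password, while a `secrets` batch of the same size typically uses around 50 of the 70 available.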

US govt proposal could kill off Firefox

THE Mozilla Foundation is sounding the alarm: its famous Firefox browser could be under serious threat if Google can no longer participate in its funding in exchange for being the browser’s default search engine. This is what the US Department of Justice (DoJ) is proposing as part of its antitrust trial against Google.

As The Verge explained, the Mozilla Foundation is extremely concerned about the future of its Firefox web browser following the latest proposals from the DoJ to limit Google’s dominance of online search. The DoJ has recognised that Google holds an illegal monopoly on online search services, and has set out a number of remedial measures. One of these is an outright ban on all paid agreements to be the default search engine on third-party browsers. This is currently the case with Firefox and accounts for the bulk of its funding.

This deal between Google and Mozilla accounts for some 85% of Firefox’s revenue, with Firefox in turn generating 90% of Mozilla’s total revenue. In other words, removing this financial cornerstone would be catastrophic for the future activities of the teams working on Firefox. It would threaten the very existence of the browser. It is worth noting that these funds are also used to finance the foundation’s other non-profit initiatives.

Paradoxically, such a decision would also strengthen Google’s dominant position by removing an alternative to Chrome, already highly dominant on the web browser market. After its heyday some 15 years ago, Firefox’s market share across all devices is now just over 2.5% worldwide, according to StatCounter. Despite this, Firefox remains a browser appreciated for its respect for privacy and its independence from major technology companies. – ETX Studio
