Don't tell me people are using llms to generate passwords
People are using LLMs to diagnose disease, write prescriptions, deny health care claims, deny loans and grants, write scientific papers, review scientific papers, draft engineering and architectural documents, and talk to their loved ones
Despair
Very well. If you don't want me to tell you the truth about people using LLMs to make passwords, I won't.
Getting away from more direct requests I can absolutely imagine AI offering passwords/suggestions as part of a coding session. Including "temp" passwords that look secure so "why bother changing it?".
Even where they aren't, I bet this is something that could end up happening when using them as open-ended agents that might try making their own accounts. The article also mentions this:
Furthermore, with the recent surge in popularity of coding agents and vibe-coding tools, people are increasingly developing software without looking at the code. We’ve seen that these coding agents are prone to using LLM-generated passwords without the developer’s knowledge or choice. When users don’t review the agent actions or the resulting source code, this “vibe-password-generation” is easy to miss.
I imagine, it's a matter of asking it to generate some configuration and one of the fields in that configuration is for a password, so the LLM just auto-completes what a password is most likely to look like.
I know someone who generate passwords in AI chat
Welp, that's another thing I hadn't thought you could use llms for and another thing I would never do
Why not do this....
Corect horse battery staple
The problem is that in this case, the LLM just naively auto-completes a password from what it knows a password to most likely look like.
It is possible to enable an LLM to call external tools and to provide it with instructions, so that it's likely to auto-complete the tool call instead. Then you could have it call a tool to generate a correct horse battery staple, or a completely random password by e.g. calling the pwgen command on Linux.
But yeah, that just isn't what this article is about. It's specifically about cases where an LLM is used without tool calls and therefore naively auto-completes the most likely password-like string.
I'm kinda interested how nany accounts you could log in with those strings :D
pls don't spread my password around like that
Yes!
QuiltedNematoadNotepad486
Irregular ? Like my bowel movements ?
Not again this horrible web design/engine whatever laggin/stuttering the way it almost induce a epileptic seizure in me.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
