Stop asking ChatGPT to generate your passwords. A detailed analysis tested password generation across Claude Opus 4.6, GPT-5.2, Gemini 3 Flash, Gemini 3 Pro, and Google Nano Banana Pro. Every single model produced passwords that look random to human eyes but are trivially crackable.
20 Bits vs. 120 Bits
Entropy measures how unpredictable a password actually is. A truly random 16-character password has roughly 98-120 bits of entropy. The LLM-generated passwords? Between 20 and 27 bits. That's the difference between "would take centuries to crack" and "a few hours, even on a decades-old computer."
The reason is fundamental to how large language models work. LLMs are trained to produce plausible, likely outputs. Randomness is the exact opposite of plausible. When you ask Claude or GPT for a "random" password, you get something that looks random but follows predictable patterns the model learned during training.
The Duplication Problem
Here's where it gets worse. Running the same "generate a random password" prompt 50 times through Claude produced 40% duplicate characters across samples, with 36% completely identical outputs. None of the 50 passwords contained a single repeating character, which itself is a statistical impossibility in truly random generation. Real randomness sometimes repeats. The model avoids repetition because repeated characters don't "look" random.
No amount of prompt engineering fixes this. Telling the model to "be more random" or "use cryptographic randomness" doesn't change the underlying generation mechanism. The model has no access to a cryptographically secure random number generator. It's predicting tokens.
What to Use Instead
Use a dedicated password manager: 1Password, Bitwarden, or the built-in managers in iOS, macOS, and Android all use proper random number generators. If you've already generated passwords using an LLM, rotate them. This isn't theoretical - those passwords are meaningfully weaker than what a purpose-built tool produces in milliseconds.