World Password Day: ChatGPT is not a password manager

Good passwords are the foundation of internet security. Experts recommend using a unique, complex password for every login and online account. As the number of internet accounts steadily increases, this becomes quite a challenge – can modern artificial intelligence (AI) systems like ChatGPT help us invent and manage secure passwords? "It depends," says Arne Allisat, Head of Email Security at mail.com.
[Image: Password input field on a computer screen. Caption: Can you trust a password that’s generated by a chatbot?]

How important is a secure password?

Using passwords that are too simple or too short is a risk to the security of personal, sensitive data: attackers can gain access to such things as private photos, important emails and documents, or social media accounts. Even more important than using secure passwords is using each password for only one service. When you use the same password for multiple services, only one of these services needs to be hacked – and then all accounts with this password are at risk. This is particularly dangerous for your email account: if online criminals find out the password, they can simply reset passwords for other services using the "Forgot password" function and gain access there as well.
 
What makes a password secure?

First and foremost, a secure password is long and complex. This means at least 8, preferably 12 or more characters, and then a mix of uppercase and lowercase letters, numbers, and special characters. This makes it more difficult to crack the password using brute force attacks, or simply by trying different combinations. It is also crucial to avoid personal information such as nicknames or pet names – many people still do this, but if the attacker knows me, they will obviously try such personal data first.

Given these requirements, it seems logical to use an AI tool like ChatGPT to invent and manage passwords. Is this a good option from your perspective?

It depends. AI chatbots like ChatGPT can make password suggestions when you ask them. These systems are trained based on texts and articles from the internet, so they can access and implement common advice for secure passwords. However, when I request a password from ChatGPT, I am also training the AI just by doing so. Through my input alone, the AI learns which of its generated passwords are well-received by the user – and then it may suggest the same passwords to other users with the same question. So, I would definitely advise against simply adopting passwords suggested by ChatGPT. While you can get tips, you should always modify the results.

Do we have to fear that AI tools will be able to crack passwords even more easily in the future?

That is a possibility, yes. If many users have an AI-created password, the AI can provide lists with these prompts, which can then be used for brute force attacks during a hack. In general, I believe people are not worried enough about the passwords they use in their daily lives.

What's a better way to do it?

The number one rule is: each account gets its own, long, and complex password. There is a trick to easily remember secure passwords, the so-called sentence method. Choose a long sentence that you can remember well, take only the first letters of each word, and add a few numbers and special characters. It's easy to remember, relatively complex, and therefore secure.

Can password managers be a solution?

Password managers can be an alternative, but they also have weaknesses. Although such software creates secure passwords using special algorithms, they are initially stored on a single device, such as a computer. If you want to use the same passwords on your phone, they are usually transferred via the cloud, or the online storage of the provider – and thus, they are still stored as a list on the internet. In addition, in an emergency, such as when your phone is lost, you may not have access to your passwords. So, it's better in any case to develop your own secure passwords with a system that allows you to easily remember them.

About mail.com

mail.com is one of the top free email portals in the United States, with its data center located in Lenexa, Kansas. The company offers its consumer and business users an unparalleled selection of more than 200 supplier-neutral email addresses related to a broad variety of topics like business, geographic location and personal interests. mail.com also provides online office solutions and cloud applications, and presents international news covering a broad spectrum of content categories. Options such as mobile apps, browser add-ons and mail collector make it easy for users to access and manage their email accounts. With state-of-the-art internet security and careful adherence to customer privacy requirements, mail.com strives for optimum performance. mail.com is a member of United Internet, Europe’s leading internet specialist.
Images: 1&1/Shutterstock


 
