Google might have a new AI-powered password-generating trick up its sleeve – but can Gemini keep your secrets safe?

If you’ve been using Google Chrome for the past few years, you may have noticed that whenever you’ve had to think up a new password, or change your existing one, for a site or app, a little “Suggest strong password” dialog box would pop up – and it looks like it could soon offer AI-powered password suggestions. 

A keen-eyed software development observer has spotted that Google might be gearing up to infuse this feature with the capabilities of Gemini, its latest large language model (LLM).

The discovery was made by @Leopeva64 on X. They found references to Gemini in patches of Gerrit, a web-based code review system developed by Google and used in the development of Google products like Android

These findings appear to be backed up by screenshots that show glimpses of how Gemini could be incorporated into Chrome to give you even better password suggestions when you’re looking to create a new password or change from one you’ve previously set.

See more

Gemini guesswork

One line of code that caught my attention is that “deleting all passwords will turn this feature off.” I wonder if this does what it says on the tin: shutting the feature off if a user deletes all of their passwords, or if this just means all of the passwords generated by the “Suggest strong passwords” feature. 

The final screenshot that @Leopeva64 provides is also intriguing as it seems to show the prompt that Google engineers have included to get Gemini to generate a suitable password. 

This is a really interesting move by Google and it could play out well for Chrome users who use the strong password suggestion feature. I’m a little wary of the potential risks associated with this method of password generation, similar to risks you find with many such methods. LLMs are susceptible to information leaks caused by prompt or injection hacks. These hacks are designed to trick the AI models to give out information that their creators, individuals, or organizations might want to keep private, like someone’s login information.

A woman working on a laptop in a shared working space sitting next to a man working at a computer

(Image credit: Shutterstock/Gorodenkoff)

An important security consideration 

Now, that sounds scary and as far as we know, this hasn’t happened yet with any widely-deployed LLM, including Gemini. It’s a theoretical fear and there are standard password security practices that tech organizations like Google employ to prevent data breaches. 

These include encryption technologies, which encode data so that only authorized parties can access it for multiple stages of the password generation and storage process, and hashing, a one-way data conversion process that’s intended to make data reverse-engineering hard to do. 

You could also use any other LLM like ChatGPT to generate a strong password manually, although I feel like Google knows more about how to do this, and I’d only advise experimenting with that if you’re a software data professional. 

It’s not a bad idea as a proposition and a use of AI that could actually be very beneficial for users, but Google will have to put an equal (if not greater) amount of effort into making sure Gemini is bolted down and as impenetrable to outside attacks as can be. If it implements this and by some chance it does cause a huge data breach, that will likely damage people’s trust of LLMs and could impact the reputations of the tech companies, including Google, who are championing them.

YOU MIGHT ALSO LIKE…

TechRadar – All the latest technology news

Read More

You can now talk to ChatGPT like Siri for free, but it won’t reveal OpenAI’s secrets

ChatGPT has conveniently distracted us from OpenAI's boardroom drama, which has just seen Sam Altman return to the company as CEO, by making its Voice chat feature available to all free users.

The AI chatbot got its impressively conversational voice powers in September, but this feature was limited to the paid Plus and Enterprise tiers. But now OpenAI, which is looking for a shiny object to take eyes away from its recent meltdown, has made 'ChatGPT with voice' available to all users.

To use it, you just need the latest version of ChatGPT's iOS or Android app. Tap on the headphones icon at the bottom of the screen and you can start quizzing the chatbot about anything you like – as long as your question isn't about recent events, like OpenAI's CEO merry-go-round.

That's because the GPT-3.5 model that's available to free users has only been trained on data going up to January 2022. So when you ask it, for example, 'Why was Sam Altman fired from OpenAI?', it answers that there are “no public reports or indications” of this happening. How convenient.

Still, if you're looking for a voice assistant that's a bit chattier and more knowledgeable than the likes of Apple's Siri, then the ChatGPT voice function is a fun new tool (assuming the service hasn't gone down, like it did at around 2pm PT / 10pm GMT yesterday).

You can choose from five different voices and your chats (but not the audio clips) are saved just like your text-based conversations. It'll also auto-detect languages, though you can also choose this in the Settings menu.

 A Siri replacement?

A phone on a pink background showing ChatGPT's voice feature

(Image credit: Future)

Given it's now possible to use ChatGPT with Siri, the arrival of voice powers on the chatbot's free version is a potentially big deal. That's particularly the case for owners of the iPhone 15 Pro, who can map ChatGPT to the new Action button (by going to Settings > Action Button > Shortcut).

Siri and ChatGPT still have notable differences though. For example, Siri is deeply integrated with the iPhone, allowing it to perform actions like setting timers and controlling your phone's volume.

But ChatGPT's depth of knowledge and more conversational style is arguably better when it comes to general knowledge questions – as long as you're aware of its propensity to hallucinate.

It's certainly a fun, free feature to play with and will no doubt take some of the attention off OpenAI's Succession-like boardroom tussles, which could ultimately have a big impact on how the AI chatbot tussle plays out in 2024.

You might also like

TechRadar – All the latest technology news

Read More

Google Cloud is now able to store all your secrets

Google Cloud has announced a new tool aimed at helping users securely store their API keys, passwords, certificates and other data online.

Secret Manager provides the company's customers with a single tool to manage their data as well as a centralized source of truth.

In a blog post announcing the new tool, Google developer advocate Seth Vargo and product manager Matt Driscoll provided further insight on the kinds of problems Secret Manager will help solve, saying:

“Many applications require credentials to connect to a database, API keys to invoke a service, or certificates for authentication. Managing and securing access to these secrets is often complicated by secret sprawl, poor visibility, or lack of integrations.”

Secret Manager

Google already provides an open-source command-line tool for managing secrets called Berglas. With the launch of Secret Manager, both tools will work together and users will even be able to move their secrets from the open-source tool to Secret Manager. Berglas can also be used to create and access secrets from Secret Manager.

Google's Key Management Service (KMS) provides users with a fully managed system to handle their keys. However, KMS does not actually store the secrets but instead encrypts the secrets you store elsewhere. Secret Manager on the other hand, provides users with a way to easily store and manage these secrets in Google Cloud.

Secret Manager includes the tools needed to manage secret versions and audit logging. The secrets stored in the tool are also project-based global resources which sets it apart from competing tools which often manage secrets on a regional basis.

Google Cloud customers can begin using Secret Manager today as the new tool is currently in beta and available to all.

Via TechCrunch

TechRadar – All the latest technology news

Read More