Is ChatGPT authentication code secure?

ChatGPT frequently generates authentication code with critical security flaws. Common issues include storing passwords in plain text or with weak hashing algorithms, implementing JWT tokens without proper expiration or signature verification, and creating session management logic vulnerable to fixation attacks. The model often generates login forms without brute-force protection, CSRF tokens, or proper account lockout mechanisms. Authentication is one of the highest-risk areas for AI-generated code because small implementation errors can lead to complete account takeover. UNPWNED tests authentication implementations for these vulnerabilities and provides specific remediation steps.