Passphrase generator
Memorable passphrases that are actually strong.
- Instant
- Free
- Private (processed locally)
- No sign-up
Password strength, with memory included
The famous xkcd “correct horse battery staple” comic made it popular: four random words beat a supposedly complex “P@ssw0rd!” — and you still remember them the next day. This generator applies the diceware method: words drawn with cryptographic randomness from a fixed list, joined with the separator of your choice.
-
Set the length
From 3 to 8 words. The displayed entropy (8 bits per word) guides you: aim for at least 40 bits, 64 for critical uses.
-
Customize
Separator (dash, dot, underscore, space), capitals, trailing digit — useful for demanding password policies.
-
Copy
Regenerate as many times as you like, then copy in one click. Nothing leaves your browser.
Entropy: how many words for which use?
| Words | Entropy | Recommended use |
|---|---|---|
| 3 | 24 bits | Temporary codes, throwaway accounts |
| 4 | 32 bits | Low-sensitivity accounts |
| 5 | 40 bits | Ordinary accounts |
| 6 | 48 bits | Email, social media |
| 7–8 | 56–64 bits | Password manager, encryption |
Passphrase or random password? Both are valid. The passphrase wins wherever you must type or remember it (login session, manager, Wi-Fi); random passwords suit whatever your manager fills in for you.
Frequently asked questions
What is a passphrase?
A password made of several random words (e.g. “cobalt-jungle-velvet-storm”). At equal strength, it is far easier to memorize and type than a string of random characters.
Why is it secure if the words are in a dictionary?
Security comes not from the words being secret but from the number of combinations: 5 words drawn at random from 256 represent 2⁴⁰ possibilities. An attacker who knows the method still has to try them all.
How many words should I pick?
Five words (40 bits) suit an ordinary account; six to seven (48–56 bits) for email or an important account; eight (64 bits) for a password manager or disk encryption.
Is the draw truly random?
Yes: words are chosen with crypto.getRandomValues, your browser’s cryptographic generator — the same one used for encryption keys. And since the list has exactly 256 words, each random byte maps to one word with zero bias.
Should I still use a password manager?
Yes. The ideal passphrase protects your manager or master accounts; for everything else, let the manager generate and remember unique passwords.