Passphrase Generator
Generate a Strong, Memorable Passphrase
Need a password you can actually remember but that still shrugs off brute-force attacks? Paste nothing, log in nowhere — just hit Generate above and you'll get a random passphrase built from plain English words, with optional capitals, numbers, and your preferred separator. The generator runs fully in your browser using crypto.getRandomValues, so nothing you generate ever leaves your device.
How to Use the Passphrase Generator
- Pick your word count — the slider goes from 3 to 8 words. Four is the standard sweet spot; five or six is worth it for anything that protects other secrets.
- Choose a separator — hyphen, dot, underscore, or space. Hyphens are the easiest to type on mobile; spaces make long phrases read more naturally.
- Toggle capitalization and a number — both add a small amount of entropy and help satisfy password rules that demand "uppercase and numbers."
- Click Generate — a fresh passphrase appears with its entropy estimate in bits. Copy it with the button on the right.
- Regenerate as many times as you need — every click is an independent random draw, so unwanted words disappear instantly.
Passphrase vs Password: Which Is Stronger?
A traditional password like Tr0ub4dor&3 is short, hard to remember, and — because humans pick predictable patterns — surprisingly weak against modern cracking rigs. A passphrase like bridge-lantern-coffee-42 is longer, easier to type, and because the words are chosen at random it has measurably more entropy.
The math is simple: every extra truly-random word from a ~250-word list adds about 8 bits of entropy, which multiplies the guess space by 256. Four words already push you past the strength of most "complex" passwords people actually create. If you want character-based output instead, the sibling password generator produces random-character strings suitable for storage in a password manager.
The XKCD / Diceware Method
This style of passphrase was popularised by XKCD comic #936 — "correct horse battery staple" — and formalised decades earlier by the Diceware method, which uses physical dice rolls to pick words from a numbered list. The principle is the same: randomness beats cleverness. A human-chosen phrase like ILoveMyDog2024! is easier to guess than four dice-picked words, even though it looks more "complex."
This tool uses a cryptographically secure random source to do the picking for you, so the result is statistically equivalent to rolling Diceware dice — without needing the dice or the wordlist printout.
How Many Words Should a Passphrase Have?
| Words | Entropy | Good for |
|---|---|---|
| 3 | ~24 bits | Low-stakes accounts, throwaways |
| 4 | ~32 bits | Everyday logins, work accounts |
| 5 | ~40 bits | Disk encryption, password manager master key |
| 6+ | ~48+ bits | Crypto wallets, long-term archives |
Adding a two-digit number tacks on roughly 7 bits. Turning on capitalisation adds about 1 bit per word. These are small boosts — if you want more strength, add a word rather than piling on symbols.
When to Use a Passphrase Instead of a Password
Passphrases shine whenever you have to type the secret by hand:
- Master password for Bitwarden, 1Password, KeePass, or iCloud Keychain
- Full-disk encryption — FileVault, BitLocker, LUKS
- WiFi network password that guests need to enter once
- SSH private key passphrase
- Crypto seed-phrase wrapper or cold-wallet login
For any account your password manager fills for you automatically, a 20-character random string from the password generator is the better choice — you never type it, so memorability doesn't matter.
Tips for a Safer Passphrase
- Let the generator pick the words. Human brains cluster on common themes; random draws don't.
- Don't reuse a passphrase across accounts. Generate a fresh one every time, even if the old one felt "strong enough."
- Skip famous phrases. "Correct horse battery staple" is already in every wordlist — and so is your favourite song lyric.
- Longer beats weirder. Five random words with a hyphen is stronger than four words peppered with symbol substitutions.
- Store it in a password manager or write it down and lock it up. A passphrase you forget is no safer than no passphrase at all.