Passphrase Generator
Create strong, easy-to-remember passphrases
Strong, but actually memorable
A passphrase is a password made of several random words rather than a jumble of symbols - think "anchor-violet-tractor-mango" instead of "X7%kq!2p". The famous xkcd comic summed it up: a string of four common random words is both far easier for a human to remember and far harder for a computer to guess than a short, gnarly password.
The Diceware idea
The technique comes from Diceware, where words are chosen at random from a long, fixed list. Each word drawn from a list of a few thousand contributes roughly 12 to 13 bits of entropy, so a four-word phrase already lands around 50 bits and a six-word phrase comfortably exceeds what a modern attacker can brute-force. The strength comes entirely from the randomness of the selection.
Getting it right
- Use at least four to six words, and let the tool pick them - words you choose yourself are not random and are far weaker.
- Keep a separator between words so the phrase stays readable and the word boundaries add a little more entropy.
- Add a number or capital if a site insists on it, but never water down the word count to make room.
When a passphrase is the right tool
Passphrases shine wherever you must type a secret from memory: the master password for your password manager, full-disk encryption, an SSH key passphrase or a recovery code. For everything else, let a manager store long random passwords - and protect that manager with a passphrase from here. Generation happens entirely in your browser, so nothing leaves your device.