A passphrase generator creates memorable yet cryptographically secure passwords by combining random words. Unlike random character strings that are hard to remember, passphrases like "correct-horse-battery-staple" are both strong and human-readable. All generation uses crypto.getRandomValues() — never Math.random().
How to Use the Passphrase Generator
A passphrase is a sequence of random words used as a password. The concept was popularized by the XKCD comic "correct horse battery staple" and formalized by the Electronic Frontier Foundation's Diceware wordlist. The key insight: random words are both stronger AND more memorable than random characters.
Step 1: Choose Your Word Count
Select 3–8 words. A 4-word passphrase from this generator has approximately 44 bits of entropy — comparable to a 9-character random password using uppercase, lowercase, and numbers. A 6-word passphrase (66+ bits) is considered strong for nearly all use cases including sensitive accounts.
Step 2: Configure Format
Choose a separator (hyphen, space, period, or custom), a capitalization style (lowercase is easiest to type), and whether to append a number or symbol. Appending a symbol satisfies sites that require special characters and does not meaningfully reduce memorability.
Step 3: Generate and Review Entropy
Click "Generate Passphrase" to see your passphrase with an entropy display in bits, an estimated crack time at 1 trillion guesses/second, and an equivalent character password length comparison. The strength meter uses these thresholds: under 40 bits = Weak, 40–55 = Fair, 56–70 = Strong, 70+ = Very Strong.
Step 4: Copy and Use
Click "Copy" to copy the passphrase to your clipboard. If you need multiple options, set "Generate" to 3, 5, or 10 and pick your favorite. Your recent passphrases are kept in a history stored in your browser, so click "Clear for security" before sharing your device.
Why Passphrases Are Stronger Than You Think
The strength of a passphrase comes from the number of possible combinations (entropy), not the length in characters. With 2048 words in this wordlist, a 4-word passphrase has 2048^4 = 17.6 trillion possible combinations. An attacker guessing at 1 trillion per second would take 17,600 seconds on average — about 5 hours — even with no rate limiting. A 6-word passphrase stretches that to over 2 billion years.
FAQ
Is this passphrase generator free?
Yes, completely free with no account or signup required.
Is my data private?
Yes. All passphrase generation happens entirely in your browser using the Web Crypto API. Nothing is sent to any server. History can be cleared at any time.
Is this cryptographically secure?
Yes. The generator uses window.crypto.getRandomValues() — the same cryptographic-quality randomness used by browsers for TLS. It is NOT based on Math.random(), which is not suitable for security applications.
Why use a passphrase instead of a random password?
A 4-word passphrase like 'correct-horse-battery-staple' has ~51 bits of entropy and is far easier to remember than 'k3#Lp9!mQ'. Longer passphrases (6–8 words) are stronger than most random character passwords while remaining memorable.
What word list does this use?
The generator uses a subset of the EFF Long Wordlist: 2048 common English words chosen for memorability and distinctiveness, with offensive words excluded. The full EFF list has 7,776 words.
How is entropy calculated?
Entropy = log2(wordlist_size ^ word_count). For 4 words from 2048 choices: log2(2048^4) = 44 bits. Each additional word adds about 11 bits. 60+ bits is considered very strong for most applications.
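The sketch below is an added example, not this generator's own source: it draws words with crypto.getRandomValues() using rejection sampling, so the selection stays uniform even for list sizes that are not a power of two, then applies the entropy formula above and the strength thresholds from Step 3. The function names, the placeholder word list, and the handling of the threshold edges are assumptions.

```javascript
// Added example, not the generator's own source. All names here are hypothetical.
// WORDS is a constructed placeholder list; the real 2048-word list is not on the page.
const WORDS = Array.from({ length: 2048 }, (_, i) => "word" + String(i).padStart(4, "0"));

// Web Crypto: global in browsers and recent Node, under node:crypto in older Node.
const rng = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Uniform integer in [0, n). Values at or above the largest multiple of n that
// fits in 32 bits are redrawn, so `% n` cannot favour low indexes (modulo bias).
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 2 ** 32) throw new RangeError("bad list size");
  const limit = Math.floor(2 ** 32 / n) * n;
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

// Each word is drawn independently, with replacement.
function generatePassphrase(wordCount, separator = "-", words = WORDS) {
  if (!Number.isInteger(wordCount) || wordCount < 3 || wordCount > 8) {
    throw new RangeError("word count must be 3 to 8");
  }
  const picked = [];
  for (let i = 0; i < wordCount; i++) picked.push(words[randomIndex(words.length)]);
  return picked.join(separator);
}

// log2(listSize ^ wordCount), computed as wordCount * log2(listSize).
function entropyBits(wordCount, listSize = WORDS.length) {
  return wordCount * Math.log2(listSize);
}

// Strength meter thresholds from Step 3; treating the edges as < 56 and <= 70
// is an assumption, since the page's ranges leave them open.
function strengthLabel(bits) {
  if (bits < 40) return "Weak";
  if (bits < 56) return "Fair";
  if (bits <= 70) return "Strong";
  return "Very Strong";
}
```

With a 2048-word list no draw is ever rejected, because 2048 divides 2^32 evenly; the rejection loop matters only when the list size is changed, for example to the full 7,776-word list.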
How long would it take to crack my passphrase?
At 1 trillion (10^12) guesses per second — far beyond what any current hardware can achieve for well-hashed passwords — a 4-word passphrase would take thousands of years. A 6-word passphrase is effectively uncrackable by brute force.