A password you cannot remember gets reused or written down — both worse than the password itself. This tool builds passphrases from random dictionary words, an approach popularised by Diceware and the famous “correct horse battery staple” comic, giving you strings that are easy to recall yet hard to guess.
How it works
The generator picks several words at random from a curated list of about 250 short, easy-to-spell English words, joins them with your chosen separator, and optionally capitalises each word, appends a number, and adds a symbol. Randomness comes from crypto.getRandomValues with rejection sampling, so there is no modulo bias.
The entropy estimate assumes the worst case — that an attacker knows your exact recipe and word list — and adds up the independent choices:
entropy (bits) = words × log2(list size)
+ log2(10000) [if a number is appended]
+ log2(8) [if a symbol is appended]
With a 250-word list, each word contributes about 8 bits, so a four-word passphrase plus a number lands near 45 bits, and six words plus a number and symbol comfortably exceeds 60.
Why passphrases beat complex passwords for memorability
Human memory is optimised for narratives and concrete images, not arbitrary character strings. “R@7vQ#k2” is nine characters with high apparent complexity but near-impossible to recall without writing it down. “Coral-Anchor-Drift-42” is twenty characters, visually and aurally memorable, and produces a story-like chain the brain can encode. The memorability gap between these two strings is enormous, yet the passphrase has higher entropy if the words are chosen randomly from a large list.
This is the insight behind Diceware, the offline word-list technique developed in the 1990s: that measured randomness over a large space (6-sided dice, 7,776-word list) produces more security per unit of user memory burden than arbitrary mixed-character strings from a smaller guessable space.
Entropy targets by use case
Not all accounts need the same protection. A rough guide:
- Throwaway accounts / low-stakes login: 40–50 bits (three to four words) is reasonable
- Email, social media, important accounts: 60+ bits (four to five words with a number)
- Password manager master password / device unlock: 80+ bits (six or more words, which most people can genuinely memorise with a little practice)
The reason to aim higher for your password manager is that it protects everything else. A compromised master password is a single point of total failure across your digital life.
When to use memorable passphrases vs. a manager-generated random string
Memorised passphrases serve a narrow but important role:
- Device login (laptop, phone) — you type this many times a day and cannot look it up
- Password manager master password — by definition, this cannot live inside the manager
- Full-disk encryption passphrase — needed at boot, before any app is open
- Emergency account recovery — an email passphrase you could recall after years away
For every other account, generate a long random string (20+ characters) inside your password manager. You never need to type or remember it — the manager handles that — so memorability is irrelevant and maximum random entropy is what matters.
Tips and notes
- Length beats complexity. Adding one more random word raises entropy far more than swapping a letter for a symbol — favour more words over more punctuation.
- Use the number and symbol options only to satisfy site rules that demand them; they add little entropy compared with an extra word.
- A passphrase’s strength assumes the words are chosen randomly. Picking your own “memorable” words from your life destroys the security — let the tool choose.
- Reserve memorised passphrases for the handful of passwords you must type by hand; let a password manager generate and store the rest as long random strings.