Password Tools

Active tool: Password Tools

Selected option: Passphrase Generator

What It Does

Generates memorable passphrases from random dictionary words (Diceware-style).

How to Use It

Select the number of words.
Choose a word separator (space, hyphen, period, etc.).
Optionally enable capitalization or digit insertion.
Click “Generate”.

Options Explained

Option	Description
Word count	Number of random dictionary words (more words = more entropy)
Separator	Character between words (e.g., `-`, `.`, space)
Capitalize words	Capitalize the first letter of each word
Include number	Insert a random digit into the passphrase

Example

correct-horse-battery-staple (4 words, hyphen separator)

Tip: A 5-word passphrase typically provides ~64 bits of entropy — comparable to a strong random password but much easier to memorize.

Passphrase GeneratorWord Count: 6 words

Word ListSeparator

Options

Capitalize words

Include number

Include symbol

Preview: ~77 bits entropy · 7776 words · Strong

Output

Security Note: All passphrases are generated client-side using a CSPRNG (Web Crypto). No data is transmitted or stored. Word lists are from the EFF.

About Passphrases

A passphrase is a password composed of multiple randomly selected words, offering an excellent balance between security and memorability. The concept was popularized by the Diceware method, where words are chosen by rolling physical dice and looking up the results in a numbered word list. Each word adds approximately 12.9 bits of entropy (from a 7,776-word list), so a six-word passphrase provides around 77 bits of entropy — far stronger than most human-chosen passwords.

This tool uses the Electronic Frontier Foundation (EFF) word lists, which were specifically designed for passphrase generation. The EFF lists avoid obscure, offensive, or easily confused words, resulting in passphrases that are easier to type and remember. Words are selected using the Web Crypto API's CSPRNG, ensuring each word is chosen with true cryptographic randomness rather than predictable patterns.

Research by Carnegie Mellon University has shown that passphrases are significantly easier for users to recall than equivalent-entropy random character strings, while providing comparable or superior resistance to automated cracking. Adding a separator, number, or symbol between words can further increase entropy without sacrificing readability.

Common Use Cases

Creating memorable master passwords for password managers
Securing full-disk encryption (LUKS, BitLocker, FileVault)
Generating strong Wi-Fi network passwords that guests can type
Protecting cryptocurrency wallets and recovery seeds
Creating SSH key passphrases that balance security and usability
Meeting minimum length requirements where 20+ characters are needed

What Is a Passphrase?

A passphrase is a password composed of multiple randomly selected words rather than a random string of characters. The concept was popularized by the Diceware method, which uses physical dice to pick words from a curated list, and later by XKCD's famous “correct horse battery staple” illustration. The security of a passphrase comes from the number of words and the size of the word list: selecting 4 words from a 7,776-word Diceware list yields roughly 51 bits of entropy, while 6 words provide about 77 bits — enough to resist offline cracking for decades. Passphrases are popular because they are significantly easier to memorize and type than an equivalent-entropy random string. They are ideal for master passwords, disk encryption keys, and any scenario where you must recall the credential from memory. Modern passphrase generators use the browser's cryptographically secure random API to replicate the randomness of physical dice without the manual effort.

Frequently Asked Questions

How many words should a passphrase contain?

Four words provide a reasonable baseline for online accounts with lockout policies. For high-value targets like encryption keys or password manager vaults, use five or six words to reach 64-77+ bits of entropy.

Are passphrases stronger than random passwords?

At the same entropy level they are equally strong. Passphrases simply reach that entropy through word count and list size instead of character diversity, making them much easier to remember and type.

Does the separator between words matter?

The separator adds a small amount of entropy and can help meet complexity rules (e.g., requiring a number or symbol). Common choices include hyphens, spaces, digits, or mixed separators.

Can an attacker just guess common word combinations?

Attackers can try dictionary-based attacks, but the number of possible combinations grows exponentially with each added word. With a 7,776-word list and 5 words, there are over 28 trillion combinations — far too many to brute-force efficiently.

Everything runs locally in your browser using the Web Crypto API. No passphrases, word selections, or configuration data ever leave your device.