Password Tools
What It Does
Generates passwords that alternate consonants and vowels, making them easy to say and remember while remaining reasonably secure.
How to Use It
- Set the desired length.
- Optionally enable digit or symbol injection.
- Click “Generate”.
Options Explained
| Option | Description |
|---|---|
| Length | Target number of characters |
| Include digits | Mix random digits into the pronounceable pattern |
| Include symbols | Mix random symbols into the password |
Example
baloteri (8 characters, pronounceable)
About Pronounceable Passwords
Pronounceable passwords are generated using phonetic patterns — typically alternating consonants and vowels — to create strings that sound like plausible words without actually being dictionary entries. This approach produces passwords that are significantly easier to read, type, and remember compared to fully random character strings, while still maintaining meaningful entropy against automated attacks.
The technique originated from Morrie Gasser's 1975 research on random pronounceable password generation, which demonstrated that phonetically structured passwords achieve higher user adoption rates and fewer written-down passwords than purely random strings. Modern implementations use consonant-vowel-consonant (CVC) syllable patterns combined with cryptographic randomness to ensure each phonetic unit is selected unpredictably from the valid set.
While pronounceable passwords have lower entropy per character than fully random passwords (because the character pool is constrained by phonetic rules), this is offset by the practical benefit of longer passwords. Users willingly adopt longer pronounceable passwords, and a 16-character pronounceable password can still provide strong protection for most use cases when combined with account lockout policies.
Common Use Cases
- Creating passwords that must be typed frequently without a manager
- Generating temporary credentials that are read aloud (e.g., helpdesk resets)
- Producing shared passwords that teams need to communicate verbally
- Setting up passwords for systems that don't support paste functionality
- Creating memorable Wi-Fi passwords for home or office networks
- Generating user-friendly passwords for non-technical users
What Is a Pronounceable Password?
A pronounceable password is a randomly generated credential that follows phonetic rules, making it sound like a plausible (but nonsensical) word. The generator alternates consonants and vowels in patterns that create syllable-like structures — for example, “tobarek” or “fumidol” — so the result can be spoken aloud, typed from memory, and communicated verbally without character-by-character spelling. Despite being readable, each character is still selected randomly within its phonetic category using the Web Crypto API, preserving unpredictability. The trade-off is that constraining character choices to consonant/vowel patterns reduces entropy per character compared to a fully random string, so pronounceable passwords need to be longer to achieve the same security level. They are ideal for scenarios where a password manager is unavailable and the user must recall or dictate the credential — such as helpdesk resets, shared Wi-Fi passwords, or temporary access codes for non-technical users.
Frequently Asked Questions
Are pronounceable passwords less secure?
Per character, yes — because the character set at each position is constrained to consonants or vowels. However, a longer pronounceable password can match the entropy of a shorter random one. A 16-character pronounceable password typically provides strong security for most use cases.
How are the syllable patterns generated?
The generator uses templates that alternate consonants and vowels (e.g., CVC-CVC) and selects each character randomly within its category using the Web Crypto API. This ensures the output sounds natural while remaining unpredictable.
When should I choose pronounceable over random?
Use pronounceable passwords when you need to type the password frequently, communicate it verbally, or work on systems that do not support paste. For stored credentials managed by a password manager, fully random passwords are preferable.
All password generation occurs locally in your browser using the Web Crypto API. No passwords or phonetic patterns are transmitted or stored anywhere.