Generate a strong passphrase instantly — random words that are easy to remember but hard to crack. Runs entirely in your browser; nothing is sent anywhere.
A passphrase is a sequence of random words used as a password — something like tiger-marble-cloud-river. The words themselves aren't secret, but the combination is. With enough words chosen randomly from a large list, the number of possible combinations becomes so vast that even the fastest computers can't brute-force it in any reasonable timeframe.
| Passphrase | Random Password | |
|---|---|---|
| Memorability | High: words are human-readable | Low: random characters are hard to remember |
| Typing accuracy | High: fewer typos | Low: easy to mistype symbols |
| Entropy (typical) | 55 bits (5 words, 2048-word list) | 95 bits (16 chars, full charset) |
| Best for | Master passwords, device login | Everything stored in a password manager |
Pick the number of words based on what you're protecting. Four words works for low-stakes accounts where you need to type from memory. Five or six words is the right call for anything that matters: your password manager master password, your laptop login, a work account. Write it down somewhere safe while you memorize it, then destroy the note. Don't store it in plain text on your device.
The separator is mostly personal preference. Hyphens are the most compatible because almost every site accepts them. Spaces are easiest to type and read, but some sites refuse them. If you enable capitalization, the first letter of each word is uppercased, which satisfies most "must include uppercase" requirements.
Words are selected from a 2048-word curated list using crypto.getRandomValues(), the browser's built-in cryptographic random number generator. Each word is chosen independently with no bias. The mnemonic sentence below your passphrase is generated by a Markov chain to give the words a story, making them easier to link in memory. It runs entirely in your browser.
Often yes, especially for things you type from memory. A 5-word passphrase from a 2048-word list gives roughly 55 bits of entropy, comparable to a 10-character random password with full character sets. The big advantage is that passphrases are far easier to remember and type accurately. For anything stored in a password manager, a long random password is hard to beat.
Four words is a reasonable minimum for low-stakes use. For anything important (master password, work account, banking), go with 5 or 6 words. Each additional word multiplies the keyspace by the size of the wordlist, so the jump from 4 to 5 words is significant.
Any passphrase can theoretically be cracked, but a properly generated one makes that time astronomical. A 5-word passphrase from a 2048-word list has over 55 bits of entropy, which means more than 36 quadrillion possible combinations. At 10 billion guesses per second, cracking it would take millions of years on average. What matters is true randomness. Don't pick the words yourself.
Diceware is a method for generating passphrases using physical dice and a numbered word list. You roll five dice, look up the resulting number in the list, and that's your word. Repeat for each word. It's a fully offline, verifiably random process. This generator uses the same concept but replaces dice with crypto.getRandomValues(), the cryptographic random number generator built into modern browsers.
Appending a digit adds about 3 bits of entropy per word. It also helps with sites that require numbers in passwords. But the benefit is modest compared to adding an extra word. If a site demands special characters, appending a digit per word is a clean solution. If you have a choice, just add another word.
Use a passphrase wherever you need to type it from memory: your password manager's master password, your laptop login, a work VPN, or a disk encryption key. For everything else, let your password manager generate and store long random passwords.
It picks words at random from a curated list of 2048 common English words using crypto.getRandomValues(). No word is weighted or preferred over another. Everything runs in your browser. No data is sent to any server. The optional mnemonic sentence is generated by a Markov chain to help you remember the words.
Yes. A 5- or 6-word randomly generated passphrase is more than strong enough for online banking. The actual risk to banking accounts usually comes from phishing or credential reuse, not brute-force cracking. Use a unique passphrase (never reused from another site) and enable two-factor authentication.
Three things: randomness, length, and uniqueness. The words must be chosen randomly, not by you. Humans unconsciously gravitate toward meaningful combinations, which are easier to guess. Length matters because each extra word multiplies the search space. And uniqueness means never reusing the same passphrase across accounts.