Passphrase Generator: Strong Memorable Passphrases
Generate XKCD-style passphrases (correct horse battery staple) with EFF Diceware and locale-specific wordlists, custom separators, and live bits-of-entropy scoring.
What Is the Passphrase Generator?
The Passphrase Generator builds memorable multi-word passphrases using the XKCD "correct horse battery staple" method. You pick a word count, pick a dictionary or two, and the tool draws random words from the combined pool using crypto.getRandomValues, reports the entropy in bits, and labels it on a seven-step scale from Weak to Ludicrous. I reach for this when I am setting up a new password manager master password, an encryption recovery phrase, or any credential I will have to type on a phone keyboard. Random character strings are stronger per character but unusable for those cases — four random words from a 7,776-word EFF list give you 51 bits and something you can actually remember on day three.
Key Features
- Multiple word dictionaries — the EFF Diceware long list (7,776 words), a common English list, technical and nature lists, plus locale-specific lists for German, Spanish, French, Portuguese, Russian, Hindi, Japanese, Chinese, and Korean.
- Word count slider (3-10) — drag to set the minimum word count. Three is fast to type but only ~38 bits with a small list; six to seven is the realistic sweet spot for master passwords.
- Optional minimum length — a second slider enforces a character floor (0-50). Useful when a service requires a 20-character minimum and four short words wouldn't clear the bar.
- Five separator options — None (camelCase-style), Space, Hyphen, Underscore, Period. The separator does not contribute entropy but affects readability.
- Capitalize each word — title-cases every word. Adds no real entropy but satisfies "must include uppercase" rules.
- Append random number — appends a number from a configurable range (defaults 1-999). The bits-added line updates live based on the range.
- Real-time entropy calculation — the entropy panel shows total bits, pool size, bits per word, and a color-coded strength label that updates as you tweak any setting.
- Bulk generation up to 100 — drag the count slider to produce up to 100 passphrases in one click, each with its own entropy reading.
- Browser-side randomness — the source is crypto.getRandomValues, the same CSPRNG the Web Crypto API uses internally, not Math.random().
How to Use the Passphrase Generator
The "Words" slider at the top sets the minimum word count from 3 to 10; the label updates in real time. Below it, the "Minimum length" slider enforces a character floor from 0 to 50 — leave it at 0 unless a target system requires a specific minimum string length. If you set both, the generator keeps drawing words until both thresholds are met.
Under the sliders, five radio buttons control the separator (None, Space, Hyphen, Underscore, Period) and two checkboxes toggle "Capitalize each word" (on by default) and "Append random number" (off). Ticking the number option reveals Min/Max fields and a live "+ X.X bits" readout showing the entropy contribution from the configured range.
The "Dictionaries" panel lists the wordlists relevant to your locale — for English that's EFF Diceware, Common English, Technical, and Nature; other locales add the matching localized list. Tick at least one (the tool blocks unticking the last with a toast). Adding more lists usually drops bits-per-word slightly because the combined pool grows non-proportionally; the entropy panel shows live numbers.
Reading the Entropy Panel
The grey panel below the dictionaries shows total entropy (color-coded), word pool size, and bits per word. The strength tier comes from the total bits:
- Weak (red): under 40 bits
- Fair (orange): 40-49 bits
- Good (yellow): 50-59 bits
- Strong (lime): 60-79 bits
- Very Strong (cyan): 80-99 bits
- Fortress (violet): 100-149 bits
- Ludicrous (rainbow): 150+ bits
Sixty bits is the minimum for anything you actually care about. Eighty bits is the right target for a master password.
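The accounting behind the panel can be reproduced in a few lines. This is an added example, not the tool's own code: it assumes total bits = word count × log2(pool size) + log2(size of the number range), with the tier floors taken from the list above; `mergePools` and `entropyBits` are hypothetical names.

```javascript
// Added example: entropy accounting for a word-based passphrase.
// Tier floors are the seven labels listed above (minimum bits for each).
const TIERS = [
  [150, "Ludicrous"], [100, "Fortress"], [80, "Very Strong"],
  [60, "Strong"], [50, "Good"], [40, "Fair"], [0, "Weak"],
];

// Merge wordlists into one pool; a word found in several lists counts once.
function mergePools(...lists) {
  const words = lists.flat().map((w) => w.trim().toLowerCase()).filter(Boolean);
  return [...new Set(words)];
}

// Only uniform random choices count: the word draws and the optional number.
// Fixed capitalization and a fixed separator contribute 0 bits.
function entropyBits({ poolSize, words, numberRange = null }) {
  if (!(poolSize >= 2) || !(words >= 1)) {
    throw new RangeError("need poolSize >= 2 and words >= 1");
  }
  let numberBits = 0;
  if (numberRange) {
    const span = numberRange.max - numberRange.min + 1; // inclusive range
    if (!(span >= 1)) throw new RangeError("numberRange.max must be >= min");
    numberBits = Math.log2(span);
  }
  const perWord = Math.log2(poolSize);
  const total = words * perWord + numberBits;
  const tier = TIERS.find(([floor]) => total >= floor)[1];
  return { perWord, numberBits, total, tier };
}

// Pool size 7,776 is the EFF long list size quoted on this page.
const seven = entropyBits({ poolSize: 7776, words: 7 });
const sixPlusNumber = entropyBits({
  poolSize: 7776, words: 6, numberRange: { min: 1, max: 999 },
});
console.log(seven.total.toFixed(1), seven.tier);
console.log(sixPlusNumber.total.toFixed(1), sixPlusNumber.tier);
```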
Once the entropy reads where you want it, set the "Generate" count slider (1-100) and click Generate. Results appear in a list, each with its word count and entropy. The copy icon next to each line copies one passphrase; Copy All joins everything with newlines, and Clear wipes the list. If nothing in the batch grabs you, click Generate again — settings stay, only the words change.
Practical Examples
A Master Password for a Password Manager
Settings: 7 words, EFF Diceware list, Hyphen separator, Capitalize on, no number, Generate count 5.
Output (one of five candidates):
Tropical-Dapper-Backboard-Skating-Roving-Reproach-Cubical
That is 90.5 bits of entropy — Very Strong. Pick the one you like best from the five, write it on paper for a week while you memorize it, then shred the paper. The hyphens make it tolerable to type into a mobile keyboard the first few times.
An Encryption Recovery Phrase
Settings: 6 words, EFF Diceware, Space separator, Capitalize off, no number.
Output:
gallant pelt anguish flagstone graveness scorch
77.5 bits, Strong. Spaces are easier to read aloud and harder to mistype than hyphens when you are reading a phrase to a family member over the phone. Six words is the standard recommendation for BIP39-style recovery phrases — same idea, different word list.
An SSH Key Passphrase on a Server You Use Daily
Settings: 5 words, Common English list, Hyphen separator, Capitalize on, Append number (1-99).
Output:
Brisk-Marble-Quill-Vintage-Oasis-47
About 56 bits. Lower entropy than the master password example, but for a key that is also protected by a 4096-bit RSA key on disk, this is the right tradeoff: short enough to type 30 times a day without resentment, strong enough that a stolen id_rsa file is not immediately game over. The trailing number adds a few bits and lets you keep different passphrases for different servers without rewriting the words.
Tips and Best Practices
Sixty bits is the floor for anything that matters. Below 60 bits, a well-funded GPU rig can churn through the keyspace in weeks. Above 80, even nation-state actors run out of patience. The strength labels match these break-even points: Strong (60-79) is fine for most accounts, Very Strong (80-99) is the master-password target.
The XKCD method beats random characters for memorability. A 12-character random string like qP$7zR!2mK#x has about 79 bits and is unmemorable. Six EFF Diceware words have about 77 bits, and you can recite them after one rehearsal. For credentials you will never type, random characters are fine. For anything you will type, words win.
Add length, not complexity. The advice "use mixed case, numbers, and symbols" comes from the era of 8-character passwords. With passphrases, length is the only knob worth turning. Adding one more word to the count gives you ~12.9 bits with a 7,776-word list, which is more than every symbol substitution combined.
Combining lists usually weakens individual words. Two 7,776-word lists do not give you 15,552 unique words — they give you ~14,000 after deduplication. The bits per word goes up by about 0.8, so an extra word does more good than turning on a second list. Use multiple lists for a specific aesthetic (technical-only, nature-only) rather than for entropy.
Use a different passphrase for each high-value credential. A single leak should not compromise other accounts. Generate batches of 10 and assign one each to your password manager, disk encryption, recovery codes, and SSH keys.
Common Issues and Troubleshooting
"Please select at least one wordlist" — you unticked every dictionary box. Tick at least one. The tool also prevents unticking the last remaining list (it shows a toast).
Passphrase comes out shorter than the minimum length you set. The minimum length slider only applies a character floor, not an exact target. If your minimum is 30 and the random words happen to total 33 characters, you get a 33-character output, not a padded 30. If word count plus minimum length cannot both be satisfied within 100 attempts, the generator stops and returns whatever it has — pick a more realistic combination (more words or fewer characters required).
The entropy reading drops when you tick a second wordlist. The combined pool is larger, so each word has fewer bits per word relative to the total — this is mathematically correct. Bits per word is log2(pool size), and a pool of 14,000 words gives ~13.8 bits per word vs ~12.9 for 7,776. The total entropy still increases, just not as much as the math feels like it should.
Capitalization adds no entropy in the panel. Capitalizing the first letter of each word is predictable (an attacker tries that pattern first), so the calculator counts zero bits for it. The same applies to a fixed separator. Only the random number range and the word draws contribute to the entropy total.
The same word appears twice in a passphrase. With 4-7 words drawn from a 7,776-word pool, the birthday-problem probability of a duplicate is small but nonzero. A duplicate does not invalidate the passphrase — the entropy calculation already assumes independent draws. If you do not like the look of it, click Generate again.
Privacy and Security
All passphrase generation runs locally in your browser using crypto.getRandomValues, the cryptographically secure pseudo-random number generator exposed by the Web Crypto API. Generated passphrases are never sent to any server; the dictionaries are bundled into the page JavaScript and load with the rest of the tool. The history panel below the tool stores recent generations in your browser's local IndexedDB only — clear it when you are finished, or use the tool in a private/incognito window if you do not want any local trace.
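Using a CSPRNG is only half of an unbiased draw: the raw 32-bit value still has to be mapped onto a word index without favouring some words. The sketch below is an added example and not the tool's own code (the page does not say how the tool maps values to words); it uses rejection sampling, and `rejectionLimit`, `randomIndex`, `generatePassphrase` and the sample pool are hypothetical.

```javascript
// Added example: unbiased word selection on top of crypto.getRandomValues.
// Browsers expose globalThis.crypto; the fallback covers older Node.js.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

const TWO_32 = 0x100000000; // number of distinct Uint32 values

// Largest multiple of n that is <= 2^32. Raw values at or above it fall in
// the incomplete final "lap" and would favour low indexes under plain `% n`.
function rejectionLimit(n) {
  return Math.floor(TWO_32 / n) * n;
}

// Uniform integer in [0, n). `source` is injectable so tests can replay values.
function randomIndex(n, source = rng) {
  if (!Number.isInteger(n) || n < 1 || n > TWO_32) {
    throw new RangeError("n must be an integer in 1..2^32");
  }
  const limit = rejectionLimit(n);
  const buf = new Uint32Array(1);
  do {
    source.getRandomValues(buf);
  } while (buf[0] >= limit); // discard and redraw instead of wrapping
  return buf[0] % n;
}

// Independent draws with replacement, so a repeated word is possible.
function generatePassphrase(pool, wordCount, separator = "-") {
  if (pool.length < 2) throw new RangeError("pool needs at least 2 words");
  const words = [];
  for (let i = 0; i < wordCount; i++) {
    words.push(pool[randomIndex(pool.length)]);
  }
  return words.join(separator);
}

// Constructed 8-word pool for demonstration only; a real pool has thousands.
const SAMPLE_POOL = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "grove", "harbor"];
console.log(generatePassphrase(SAMPLE_POOL, 6));
```

For a 7,776-word pool, only 2,560 of the 2^32 possible raw values are rejected, so a redraw is rare.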
Frequently Asked Questions
What is the XKCD passphrase method?
It comes from XKCD strip 936 ("Password Strength"), which argues that four common random words ("correct horse battery staple") are stronger and more memorable than a typical 8-character "complex" password like Tr0ub4dor&3. The math: four words from a 2,048-word list is 44 bits; the complex 8-char string is about 28 bits once you account for predictable substitution patterns. The Passphrase Generator implements this directly.
What is Diceware and how does the EFF list differ?
Diceware is the original passphrase scheme from Arnold Reinhold (1995): roll five physical dice to pick a word from a 7,776-word list, repeat for each word. The EFF published an updated list in 2016 with the same 7,776-word size but better word choices — more pronounceable, fewer rare or offensive words, and a minimum word length to avoid one-letter-typo collisions. The Passphrase Generator uses the EFF list as its default English dictionary.
How many words do I need for a strong passphrase?
Four words from the EFF list is 51.7 bits — Good but not Strong. Six words is 77.5 bits (Strong). Seven gets you to 90.5 bits (Very Strong), the right target for a master password. Below four words you are weaker than a random 8-character password; above seven, you are paying memorization cost for diminishing returns.
Can I use a passphrase as a password manager master password?
Yes — that is the recommended use case. The master password is the one credential you cannot store in the manager itself, so memorability matters. Six to seven EFF Diceware words at 77-90 bits is the standard recommendation.
Why does the tool say capitalization adds zero bits?
Because the capitalization pattern is fixed and known. A real entropy contribution would require capitalization that an attacker cannot predict. "Capitalize first letter of each word" is the obvious pattern; an attacker tries it on the first attempt. Marking it as 0 bits is the honest accounting.
Should I use the "Append random number" option?
It depends on the target system. If the system enforces "must include a digit", tick the box and pick a small range like 0-99 (about 6 bits). If there is no such requirement, the entropy is better spent on an additional word: a 7-word passphrase has more entropy than a 6-word passphrase plus a 3-digit number, and is easier to remember.
Related Tools
- Password Generator — generate dense random-character passwords for credentials you will never type by hand.
- UUID Generator — generate v4 UUIDs when you need a globally unique identifier instead of a passphrase.
- Base64 Encoder/Decoder — encode arbitrary binary data, including encryption ciphertext, for safe text transport.
- AES Encryption — encrypt sensitive notes or files using the passphrase you just generated as the password.
- Hash Suite — compute SHA-256, SHA-512, and other hashes of a passphrase when you need to store a verifier rather than the phrase itself.