Passphrase Generator: Strong Memorable
Passphrase generator using EFF wordlists and the XKCD method. Create memorable passwords with 50–100+ bits of entropy. Multilingual.
What Is the Passphrase Generator?
The Passphrase Generator creates sequences of random words that are both memorable and cryptographically strong — following the method popularized by the XKCD webcomic strip "correct horse battery staple." A four-word passphrase from a 7,776-word diceware list produces about 51.7 bits of entropy: harder to brute-force than an 8-character random password, yet far easier for a human to remember and type.
This tool draws words from multiple curated wordlists with a combined pool of over 10,000 words, supports 9 language variants, allows customization of word count, separator style, capitalization, and appended numbers, and displays live entropy calculations so you can see exactly how strong each configuration is. Everything runs in your browser — no passphrase is transmitted anywhere.
> Try it now: Passphrase Generator — free, no signup, 100% client-side.
Key Features
- Multiple word dictionaries — includes EFF Diceware (English), language-specific EFF-style lists for German, Spanish, French, Portuguese (BR), Russian, Hindi, Japanese, Chinese, and Korean, plus supplementary lists for technical terms and nature vocabulary. The tool selects relevant wordlists automatically based on your browser locale.
- Customizable word count (3–10 words) — controlled with a range slider. The default is 4 words.
- Five separator options — None (words run together), Space, Hyphen (
-), Underscore (_), and Period (.). - Optional capitalization — when enabled, the first letter of each word is uppercased before joining.
- Optional number suffix — append a random number in a configurable range (default 1–999). The tool calculates and displays the entropy contribution of the number range separately.
- Real-time entropy calculation — shows total entropy in bits, word pool size, and bits-per-word. Entropy accounts for word count, pool size, and the number range if enabled.
- Seven strength levels — identical to the Password Generator: Weak, Fair, Good, Strong, Very Strong, Fortress, Ludicrous.
- Bulk generation (1–100) — generate multiple passphrases simultaneously using the count slider.
- Batch mode — a supporter feature that generates up to 100 independent passphrases as a batch and displays them in a table.
- Minimum length enforcement — optionally require that the concatenated word characters reach a minimum length, triggering extra words to be added if needed.
How to Use the Passphrase Generator
Step 1: Choose Your Wordlists
The tool auto-selects wordlists based on your interface locale. English users see EFF Diceware, Common English, Technical, and Nature lists. German users see a German EFF-style list plus the English fallbacks.
Each wordlist entry shows its name, word count, and a brief description. Toggle lists on and off with checkboxes. At least one wordlist must remain active — attempting to deselect the last one triggers an error toast. Combining multiple wordlists increases pool size and therefore entropy per word.
Step 2: Set Word Count
Use the word count slider (range 3–10) to choose how many words appear in each passphrase. The entropy display updates immediately. With the standard EFF Diceware list (~7,776 words), each word contributes about 12.9 bits of entropy:
| Words | Approx. Entropy |
|---|---|
| 3 | ~38.7 bits (Weak) |
| 4 | ~51.7 bits (Fair) |
| 5 | ~64.6 bits (Good) |
| 6 | ~77.5 bits (Strong) |
| 7 | ~90.4 bits (Very Strong) |
Step 3: Choose a Separator
Five radio buttons control word separation:
- None — words are joined directly:
CorrectHorseBatteryStaple - Space —
Correct Horse Battery Staple - Hyphen —
Correct-Horse-Battery-Staple - Underscore —
Correct_Horse_Battery_Staple - Period —
Correct.Horse.Battery.Staple
Note: the separator option stores the option ID (e.g., 'hyphen'), not the character itself. The component looks up the character via SEPARATOR_OPTIONS.find((s) => s.id === options.separator).
Step 4: Configure Additional Options
Capitalize each word — checked by default. Uppercases the first letter of each word (word.charAt(0).toUpperCase() + word.slice(1)). This does not add meaningful entropy since an attacker can assume any word may be capitalized.
Append a random number — when checked, a number in a configurable range is appended directly to the end of the passphrase (no separator between the last word and the number). The default range is 1–999. The entropy contribution is log2(max - min + 1), which is shown in the entropy display alongside the range controls. The entropy calculation reflects visible digit count (number of digits in the generated number) rather than raw range arithmetic, to account for what an attacker can observe.
Minimum character length — a slider from 0 to 50. When set above 0, the generator adds extra words until the concatenated character count of all words meets the minimum. This is useful when a service imposes a minimum character count requirement.
Step 5: Generate and Copy
Click "Generate." The results card shows each passphrase with its word count, entropy in bits, and color-coded strength indicator. Click the copy icon on any row to copy that passphrase. Click "Copy All" to copy all passphrases separated by newlines.
Practical Examples
Master password for a password manager. You need a passphrase you will type daily and must not write down. Choose 6 words, hyphen separator, capitalize each word, and add a number in range 100–999. With the EFF Diceware list at 6 words (~77.5 bits) plus ~9.2 bits from a 900-value range, total entropy exceeds 86 bits (Very Strong). The result looks like: Marble-Blanket-Curtain-Fossil-Runway-Pencil847.
SSH key passphrase for a server. You type this passphrase infrequently but need it to be strong. Choose 7 words, underscore separator, no capitalization, no appended number. Seven EFF Diceware words gives ~90 bits (Very Strong). The lack of capitalization is intentional — all-lowercase is faster to type and the entropy is unaffected.
Wi-Fi password for a shared office. A password that visitors type on their phones. Choose 4 words, space separator, capitalize each word. The result is readable and memorable: Timber Forest Mirror Flute. At ~51.7 bits it is Fair for a passphrase but far more memorable than a random character string of equivalent length.
Tips and Best Practices
More words beat longer wordlists for entropy. Adding a second wordlist doubles the pool size, adding about 1 bit per word. Adding one more word adds log2(poolSize) bits directly. For maximum entropy, increase word count first, then add supplementary wordlists.
Separators do not add entropy. The separator is not random — an attacker modeling your passphrase construction knows which separators you commonly use. Separators improve readability and typing convenience, not security. Do not rely on separator choice as a source of entropy.
Capitalization is predictable. The capitalize option is presented as a security enhancement but adds negligible entropy because it applies deterministically to every word. Treat it as a readability feature, not a security one. The entropy calculation reflects this accurately — capitalization does not increase the displayed entropy value.
The number range matters, not the individual value. Appending a number from 1–999 adds log2(999) ≈ 10 bits. Appending from 100–999 adds log2(900) ≈ 9.8 bits. Widening the range to 1–9999 adds log2(9999) ≈ 13.3 bits. A larger range is worth more than a larger number.
Minimum length is a constraint, not a security boost. Adding minimum length causes the generator to add extra words until the character count is satisfied. This increases entropy proportionally (each extra word adds log2(poolSize) bits), but the length constraint itself is not random — an attacker who knows you use this option can model it.
Common Issues and Troubleshooting
"Select at least one wordlist" toast appears. You tried to deselect the last active wordlist. Enable at least one other wordlist before removing the current selection.
Entropy seems lower than expected. Check the word count slider — the minimum is 3 words. Also verify that no minimum length constraint is requiring extra words that you did not intend, as the entropy display counts total words generated, including any added to meet the length minimum.
Number range shows "Max must be greater than min" error. The number range validation requires numberMax > numberMin. If you enter the same value in both fields, the entropy from the number range drops to 0 and the error message appears. Set max to at least min + 1.
Passphrase contains a word from an unexpected language. Wordlists can be combined. If both the English EFF Diceware and the German EFF Diceware lists are active, words from both pools enter the combined selection. Deselect the unintended wordlist to constrain the output language.
Batch mode generates passphrases but entropy is 0. This happens if the entropy information was not available at render time for the batch output rows — the batch results show the passphrase string only, not the entropy per item. Check the live entropy display in the options card for the current configuration's entropy estimate.
Privacy and Security
The Passphrase Generator uses crypto.getRandomValues to select words from the pool. No passphrase is transmitted to any server — the wordlists are bundled into the application and all selection logic runs in the browser. The tool works offline once loaded. Passphrases are held only in browser memory; they are not stored by the application unless you use the History Panel (a premium supporter feature that stores data locally in IndexedDB on your device, not on any server).
Frequently Asked Questions
Is the Passphrase Generator free? Yes, completely free with no account, no signup, and no usage limits.
What is the XKCD method for passphrases? The XKCD method refers to a 2011 comic (strip #936) by Randall Munroe that illustrated how four random common words (e.g., "correct horse battery staple") are more secure and more memorable than a shorter password of random characters with substitutions. The security comes from the number of possible word combinations in a large wordlist, not from the complexity of individual characters.
What is diceware? Diceware is a method for generating passphrases by rolling physical dice to select words from a numbered word list. The EFF (Electronic Frontier Foundation) publishes curated diceware lists designed for this purpose. This tool uses the EFF wordlists digitally, with crypto.getRandomValues replacing the physical dice.
How much entropy is enough? Security recommendations vary by use case. For most password manager master passwords and account credentials, 60–80 bits (Good to Strong) is widely considered sufficient against current hardware. For long-lived secrets or high-value targets, 80–100 bits (Very Strong) or above is recommended. The tool's strength guide provides crack time estimates at consumer GPU and nation-state threat levels.
Does the separator choice affect entropy? No. The separator is a fixed configuration choice — an attacker modeling your passphrase knows which separator you use. Separators affect readability and typing convenience only. The entropy display does not include any contribution from separator selection.
Can I generate passphrases in other languages? Yes. The tool includes wordlists for German, Spanish, French, Portuguese (Brazil), Russian, Hindi, Japanese, Chinese, and Korean. The correct wordlists are shown automatically based on your browser locale. You can also manually toggle wordlists for any combination.
Does capitalizing words increase entropy? No. The capitalize option applies deterministically to every word (first letter uppercased). An attacker who knows you use this tool can model the capitalization pattern. The entropy calculation correctly does not add any bits for capitalization.
What is the largest number of passphrases I can generate at once? The count slider allows up to 100. Batch mode (a supporter feature) also allows up to 100 items per batch run.
Is combining multiple wordlists more secure? Combining wordlists increases the pool size, which adds approximately log2(newPoolSize/originalPoolSize) bits per word. For example, combining two 7,776-word lists into a ~15,552-word pool adds about 1 bit per word. Increasing word count is generally more impactful, but combining lists is a useful supplementary measure.
Does minimum length enforcement change the entropy calculation? Yes. When minimum length is active and extra words are added to meet the requirement, those extra words contribute their full entropy to the total. The entropy display always reflects the actual number of words in the generated passphrase.
Related Tools
- Password Generator — generate random-character passwords with cryptographic entropy and a 7-level strength meter.
- UUID Generator — generate RFC-compliant unique identifiers for non-password use cases.
- Base64 Encoder/Decoder — encode or decode credentials and tokens in Base64 format.
Try the Passphrase Generator now: Passphrase Generator