Passphrase Generator
Diceware & random word passphrases — easy to remember, hard to crack.
The Diceware Method Explained
Diceware was invented by Arnold Reinhold in 1995. The original method uses five physical dice rolls to select each word from a numbered list of 7,776 words (6^5). Each word provides exactly 12.9 bits of entropy — meaning a 6-word passphrase has ~77.5 bits, enough to resist any current brute-force attack.
Our generator replaces physical dice with the Web Crypto API's CSPRNG, which provides equivalent randomness without the inconvenience of rolling dice.
The XKCD "Correct Horse Battery Staple" Analysis
The famous XKCD #936 comic demonstrated that a 4-word passphrase (44 bits with a 2,048-word list) is both stronger and more memorable than a "complex" 8-character password like Tr0ub4dor&3 (28 bits).
However, 44 bits is no longer sufficient against modern GPU clusters. We recommend 5+ words from the EFF Long wordlist (7,776 words) for at least 64 bits of entropy.
Passphrase vs. Password Comparison
| Type | Example | Entropy | Memorability |
|---|---|---|---|
| Random password (12 chars) | j7$Kp2!mNx#9 | ~79 bits | Very hard |
| 4-word passphrase | Sunset-Arrow-Galaxy-42 | ~56 bits | Easy |
| 5-word passphrase | Harbor-Moon-Quest-Tiger-73 | ~69 bits | Easy |
| 6-word passphrase | Brave-Ocean-Knight-Dawn-River-15 | ~81 bits | Moderate |
For accounts where you need to type the password frequently (master password, device unlock), a 5-6 word passphrase is the best balance. For everything else, use a random password stored in a password manager.
Frequently Asked Questions
What is a passphrase?
A passphrase is a password made of multiple random words (e.g., "correct-horse-battery-staple"). Passphrases are easier to memorize than random character strings while providing equal or greater security when long enough (4+ words).
How many words should my passphrase have?
At least 4 words for general use (~51 bits of entropy with a 7,776-word list). For high-security accounts, use 6+ words (~77 bits). Each additional word multiplies the keyspace by the wordlist size.
What is the Diceware method?
Diceware is a method for generating passphrases by rolling five dice to select words from a numbered wordlist. Each word provides ~12.9 bits of entropy. Our tool automates this with a CSPRNG instead of physical dice, providing the same security with more convenience.
Is "correct horse battery staple" a good passphrase?
Not anymore — it's a famous example from an XKCD comic and appears in cracking dictionaries. The method is sound, but you must generate your own unique passphrase. Our tool creates truly random passphrases that don't appear in any dictionary.
Passphrase vs password — which is more secure?
At equal entropy, they're identical in security. A 5-word passphrase from a 7,776-word list (~64 bits) is comparable to a 10-character fully random password. The advantage of passphrases is memorability — you can type them without a password manager.
Which wordlist should I choose?
EFF Long (7,776 words) is recommended for most users — it's curated for memorability and avoids ambiguous words. Diceware is the classic standard. EFF Short has shorter, simpler words but requires more words for equivalent security.