Passphrase Generator

What this tool does

The Passphrase Generator builds memorable passphrases by joining several randomly chosen words into a single string. Instead of an unpronounceable mix of symbols, you get something like harbor-cactus-meadow-violet — easy to read, easy to type, and surprisingly hard to guess. You control how many words to use, what character separates them, how they are capitalised, and whether a random number is tacked on. Every passphrase comes with an estimated entropy figure in bits so you can judge its strength at a glance.

Word selection uses crypto.getRandomValues, the browser’s cryptographically secure random source, with rejection sampling so no word is even slightly more likely than another. The words come from a curated diceware-style list of common, concrete English words assembled specifically for this tool — not the verbatim EFF list or any other published list reproduced in full.

Use cases

A passphrase is a good fit anywhere you need a strong secret you will actually remember. Use one for your password manager’s master password, for full-disk encryption, for a Wi-Fi network shared with guests, or for any account where you prefer not to rely on autofill. Passphrases are also handy for things you must read aloud or dictate — a string of real words survives a phone call far better than a fistful of punctuation. Teams sometimes use them for shared service credentials or temporary access codes that need to be communicated quickly.

How to use it

1. Set the number of words with the slider — three to ten, with four as a sensible default. More words means more entropy.
2. Choose a separator: a space, a hyphen, a dot, or none. Hyphens and dots work well where spaces are not allowed.
3. Pick a capitalisation style: all lowercase, each word capitalised, or all uppercase. Capitalisation does not add meaningful entropy but can satisfy password rules.
4. Optionally switch on add a random number to append a two-digit number.
5. Press Generate passphrase. Use Regenerate for a fresh one, then the Copy button to put it on your clipboard.

The entropy readout updates with every setting. As a rough guide, under about 40 bits is weak, 60 bits is solid for most accounts, and 80 bits or more is very strong. If a passphrase looks short on bits, add another word or two.

Privacy & your data

Everything happens inside your browser. No passphrase is sent to a server, and nothing is written to local storage, cookies, or any other persistent place. The passphrase exists only in the page while it is open — reload or close the tab and it is gone for good. Because of that, copy your passphrase and store it somewhere trustworthy, such as a password manager, immediately after generating it. The tool cannot recover a passphrase you did not save.

Tips

The single biggest lever on strength is the word count, so when in doubt add words rather than fiddling with separators or capitalisation. Five or six words gives a passphrase that is comfortably strong yet still easy to memorise. Resist the urge to “improve” a generated passphrase by hand — swapping in a favourite word or a meaningful date undermines the randomness the entropy estimate assumes. If a site rejects your passphrase for missing a digit, turn on the random number rather than editing the words yourself. Finally, never reuse the same passphrase across accounts: generate a fresh one each time and let a password manager remember them all for you.