
Passphrase Generator


Generate strong, memorable passphrases (Diceware-style) from a curated English wordlist. Each word contributes exactly 10 bits of entropy from the 1024-word list; the tool surfaces the total bit-strength and a simple classification so you know at a glance whether your passphrase is strong enough for your use case.

How it works

  1. Pick a word count (3–20).
  2. Pick a separator (dash, space, dot, underscore, or none).
  3. Optionally capitalise first letters.
  4. Click Generate.

The tool lazily loads the wordlist on first click (a dynamic import keeps the homepage small) and uses crypto.getRandomValues with rejection sampling to pick uniform-random word indices. With a 1024-word list (a power of two) no draw is ever rejected; the rejection step is what keeps the choice unbiased for list sizes such as 7776 that do not divide a power of two. Each word pick is independent; the output passphrase is the words joined with your chosen separator.

Entropy and strength

Entropy is calculated as words × log2(1024) = words × 10 bits. With the 1024-word list:

Words   Bits   Strength      Example use
3       30     weak          not for anything real
5       50     okay          low-stakes online accounts
7       70     strong        most important accounts
10      100    very strong   key encryption, backup passphrases
12      120    very strong   overkill for practical purposes

For reference: a random 8-character alphanumeric password has ~48 bits of entropy (weak by modern standards). A random 12-character alphanumeric is ~71 bits (strong). A 7-word passphrase matches that while being vastly easier to remember.

Example: 6-word passphrase

Click Generate with count=6, dash separator. Typical output: flash-window-pilot-mount-basic-river. That’s 60 bits of entropy (the tool labels it "okay"; it crosses into "strong" at 7 words), which is adequate for most online accounts, easy to type from memory after a handful of tries, and far less error-prone to type than a random-character password of the same strength.

Example: high-strength key passphrase

For encrypting a long-term secret (e.g., a gpg key passphrase or a password-manager master): 10 words = 100 bits of entropy. That’s far beyond anything practically breakable with current or foreseeable technology. Writing this one down and storing it somewhere safe is reasonable — the strength is in the randomness, not in keeping it purely in your head.

xkcd 936 reference

The canonical argument for passphrases over passwords: xkcd 936: “Password Strength” pointed out that memorising “Tr0ub4dor&3” (a password with ~28 bits of entropy) is harder than memorising “correct horse battery staple” (44 bits of entropy, from a 2048-word list). This tool is the digital version of the dice-rolling scheme the comic implicitly references.

Why not random characters?

Entropy-per-character of a memorised random string is much lower than people assume. Humans remember structure — phonemes, morphemes, meaningful chunks — not arbitrary characters. A passphrase of common words gets the structure for free: it’s a sequence of real words, which your brain is already optimised to encode. A random character string of the same bit-strength is much longer and much harder to recall correctly.

The downside: passphrases are longer to type. If that matters (mobile, frequent login), a shorter high-entropy character string stored in a password manager is the better trade-off. Passphrases shine for the one or two master secrets you actually have to remember.

What this tool does not do

It doesn’t save or sync passphrases. Each generation is standalone; nothing persists. For real password management, use a dedicated password manager (Bitwarden, 1Password, KeePass) and let it generate random characters of whatever length you need.

It doesn’t check passphrases against breach databases. A passphrase of five or more words generated here is, for practical purposes, guaranteed not to appear in any leak (the space is far larger than any breach corpus); very short ones (3 words, about a billion possibilities) carry a small chance of coinciding with something leaked. If you want to test existing passphrases against leaked-password lists, use a dedicated service such as HaveIBeenPwned's Pwned Passwords.

It doesn’t enforce site-specific password policies. If a system requires specific characters (uppercase, digits, symbols), a passphrase might not pass its validator even though it’s much stronger than what the policy requires. Workaround: add a digit and a symbol manually (a fixed suffix like "1!" satisfies the validator but adds essentially no entropy, so keep the word count the same), or use the character-class password generator instead.

It doesn’t use the full EFF Diceware wordlist. Our list is 1024 words (10 bits/word); the official EFF list is 7776 (~12.9 bits/word). The difference matters at the margin but rarely in practice — add one or two extra words if you want to match EFF entropy levels.

It doesn’t support non-English wordlists. Other-language Diceware lists exist (EFF publishes several); adding them would require bundling larger wordlists. For character-based passwords instead of word-based passphrases, the password generator handles length and character-class requirements.

Frequently asked questions

What's a Diceware passphrase?

A password made of several random English words strung together. The name comes from the original Diceware scheme, which used physical dice to roll indices into a 7776-word list. 'correct horse battery staple' is the famous xkcd example — four random words gives about 44 bits of entropy, which is hard for machines to guess but easy for humans to remember. The tool generates the equivalent digitally, using crypto.getRandomValues for entropy instead of dice. Longer passphrases (6-8 words) give enough entropy to resist any practical brute-force attack.

How much entropy do I need?

Rough targets: 50 bits for things that need to survive throwaway online attacks, 70 bits for anything that could attract a targeted attacker, 100+ bits for high-value secrets (key encryption, sensitive accounts, long-term storage). With the tool's 1024-word list, that's 5, 7, and 10 words respectively. The strength label ('weak' / 'okay' / 'strong' / 'very strong') matches those thresholds. Note that NIST SP 800-63B sets only a low floor for memorised secrets (a minimum of 8 characters for user-chosen passwords in the 2017 edition, and verifiers must accept at least 64 characters); it does not prescribe a bit-strength for high-value secrets, so use the bit targets above rather than a character count.

Is 1024 words enough?

For practical use, yes. The EFF's Diceware wordlist has 7776 words (~12.9 bits/word), and our list has 1024 (exactly 10 bits/word). The difference is about 2.9 bits per word: a 7-word EFF passphrase gives about 90 bits, a 7-word passphrase from this list gives 70, so two extra words close the gap. The smaller list trades entropy per word for a faster page-load and easier-to-recognise vocabulary (words are shorter and more common). For the highest entropy per word, use a full EFF wordlist in a dedicated password manager.

Why is entropy measured in bits?

Because it tells you directly how many guesses an attacker needs. Each bit doubles the guess count: 40 bits = ~10¹² guesses, 50 bits = ~10¹⁵, 70 bits = ~10²¹, 100 bits = ~10³⁰. A massively parallel attacker doing a trillion (10¹²) guesses per second exhausts 60 bits in about two weeks (2⁶⁰ ≈ 1.15 × 10¹⁸ guesses, roughly 1.15 × 10⁶ seconds), needs about 36 years for 70 bits, and effectively forever on any human timescale for 80+ bits (2⁸⁰ is roughly 38,000 years at that rate). That rate assumes an offline attack against a fast hash; a slow KDF such as Argon2 or bcrypt, or a rate-limited online login, cuts the attacker's throughput by many orders of magnitude. Bits are the right unit because attacks are exponential in length: doubling the passphrase length doubles the bits, squaring the search space.

Should I use separators?

Yes, when the service allows it. Separators make the passphrase easier to read, type and say aloud, and they remove any ambiguity about word boundaries when you transcribe it. Dashes and dots are nearly universally allowed in password fields; spaces are sometimes rejected but should be fine in most modern systems. The separator itself contributes essentially no entropy (an attacker who knows the scheme tries the handful of common separators at negligible cost); the security comes entirely from the words. If a system won't accept separators, just run them together: 'correcthorsebatterystaple' has the same entropy as 'correct-horse-battery-staple'.