Passphrase Generator — Stronger and More Memorable Than Random Passwords

correct horse battery staple is more secure than Tr0ub4dor&3. It’s also far easier to remember. This is the core argument for passphrases, popularized by xkcd #936 and backed by information theory.

Use the Password Generator to generate both random passwords and passphrases.

Why passphrases are stronger than typical passwords

Information theory: bits of entropy

Password strength is measured in bits of entropy — the number of bits needed to represent the total number of possible values in the password’s space.

Entropy (bits) = log₂(character_space ^ password_length)

Random 8-character password using uppercase, lowercase, digits, symbols (95 printable ASCII characters):

Entropy = log₂(95^8) = 8 × log₂(95) = 8 × 6.57 ≈ 52.6 bits

Passphrase: 4 words from a 2,048-word list (Diceware-style):

Entropy = log₂(2048^4) = 4 × 11 = 44 bits

Passphrase: 4 words from a 7,776-word list (full Diceware):

Entropy = log₂(7776^4) = 4 × 12.9 ≈ 51.7 bits

Passphrase: 5 words from 7,776 words:

Entropy = 5 × 12.9 ≈ 64.6 bits

A 5-word Diceware passphrase has more entropy than a typical 8-character complex password, and far more than the Tr0ub4dor&3 style passwords that most people create when told to “use a complex password.”

The trick: the 5-word passphrase is directly memorizable. The 8-character complex password is not.

Human-chosen complexity is predictable

When people are told to make a complex password, they follow predictable patterns:

• Substitute letters: a→@, e→3, i→1, o→0
• Add a number at the end: password1, password123
• Capitalize the first letter: Password123!
• Use a dictionary word with modifications: P@$$w0rd

Password crackers account for these patterns. A cracker running leet-speak rules on a dictionary will try p@$$w0rd, Tr0ub4d0r, and variations like these in the first few minutes of a dictionary attack.

Random passphrases don’t follow patterns. correct horse battery staple is memorable to humans but doesn’t appear in any dictionary attack list because the combination is random.

How Diceware passphrases work

Diceware (invented by Arnold Reinhold, 1995) uses physical dice to select words from a numbered word list:

1. Roll 5 dice
2. Read the 5-digit number (e.g., 34562)
3. Look up that number in the Diceware word list
4. Repeat for each word in the passphrase

The Diceware word list has 7,776 words (6^5 = 7,776 — all possible combinations of 5 dice rolls). Each word contributes log₂(7776) ≈ 12.9 bits of entropy.

EFF’s Long Diceware Word List (2016): replaces some Diceware words with more recognizable, spell-safe words. Used in modern passphrase generators.

The Password Generator uses cryptographically secure random word selection equivalent to Diceware.

Passphrase length recommendations

“Cracking time” assumes an offline attack with fast hardware (say, a GPU cluster doing 100 billion guesses/second against a bcrypt hash). Online attacks are rate-limited and much slower — even 3-word passphrases are practically uncrackable for online attacks.

Word selection matters

Not all “random word selection” is equal. Common mistakes:

Using common English words only. If your “random” word pool is the 1,000 most common English words, each word provides only log₂(1000) ≈ 10 bits, and an attacker can exploit this to crack 4-word passphrases in hours.

Not using true randomness. Generating words with Math.random() in JavaScript or Python’s random module is not cryptographically secure. These use pseudorandom number generators (PRNGs) that are seeded with predictable values and can be predicted if an attacker knows the seed. Use crypto.getRandomValues() (browser) or secrets.randbelow() (Python) for passphrase generation.

Choosing words yourself. Humans are terrible at random selection. People gravitate toward words they think of first, toward consistent lengths, toward thematic coherence. Truly random passphrases sound random — “plank violin dusty echo” is random; “dog eats food here” feels like a phrase and is therefore more predictable.

Passphrase usability tips

Memory techniques

Random passphrases can be memorized using the “story method” — construct a vivid mental image connecting the words in sequence.

correct horse battery staple → imagine a correctional officer riding a horse that’s dragging a car battery, with a giant staple gun.

Absurd, specific mental images stick. Vague, generic ones don’t. The more specific and weird the image, the better it works.

Separator characters

Adding a separator between passphrase words increases entropy slightly and aids typing:

• correct-horse-battery-staple (hyphen)
• correct.horse.battery.staple (period)
• correct_horse_battery_staple (underscore)
• correct horse battery staple (spaces — works in most password fields)

Some password policies reject passphrases with spaces. Hyphens are the most universally accepted separator.

Capitalization and digits

For sites that require uppercase letters and digits in passwords, modify one word minimally:

• correct3Horse-battery-staple — append a digit to the first word, capitalize the next
• CorrectHorseBatteryStaple4 — PascalCase + trailing digit

Avoid substituting letters (e→3, a→@) — this doesn’t add meaningful entropy and makes the passphrase harder to type.

When to use random passwords vs passphrases

Use passphrases for:

• Primary email account password
• Password manager master password
• Computer login password
• Work accounts you log into daily
• Anything you need to memorize and type regularly

Use random passwords for:

• Accounts stored in a password manager (you’ll copy-paste, never type)
• Single-use or low-frequency accounts
• Service accounts and API keys (stored in a secrets manager, never typed)
• High-security systems where maximum entropy per character is required

The key insight: if you’re storing the password in a password manager, there’s no advantage to memorability. Use a 24-character random password. If you’re memorizing the password, a 5-word passphrase beats any “complex” password you can practically memorize.

Generating passphrases programmatically

Python (using secrets module — CSPRNG)

import secrets

# Simple word list example:
wordlist = ['apple', 'bridge', 'cloud', 'dance', 'eagle',
            'flame', 'grace', 'honey', 'index', 'jewel']
# In practice, use EFF's long wordlist (7776 words)

def generate_passphrase(num_words=5, separator='-'):
    words = [secrets.choice(wordlist) for _ in range(num_words)]
    return separator.join(words)

print(generate_passphrase())  # e.g., "flame-dance-bridge-cloud-apple"

JavaScript (browser, using Web Crypto API)

async function generatePassphrase(wordlist, numWords = 5, separator = '-') {
  const words = [];
  for (let i = 0; i < numWords; i++) {
    const randomIndex = crypto.getRandomValues(new Uint32Array(1))[0] % wordlist.length;
    words.push(wordlist[randomIndex]);
  }
  return words.join(separator);
}

// Usage with EFF wordlist:
const passphrase = await generatePassphrase(effWordlist, 5, '-');

The critical detail: crypto.getRandomValues() uses the operating system’s CSPRNG (cryptographically secure pseudorandom number generator). Never use Math.random() for security-relevant random selection.

Related tools

• Password Generator — generate passphrases and random passwords
• Hash Generator — hash passwords before storing
• JWT Decoder — inspect authentication tokens