Passphrase Generator

How to use

1. 1Pick how many words you want (six is the common minimum, eight is recommended for vaults).
2. 2Choose a separator and capitalization style. Dash separated lowercase words are easy to type; Title Case helps when sites require mixed case.
3. 3Optional: tick Append a random digit or Append a random symbol when a form requires a number or special character.
4. 4Click Generate passphrases for a fresh batch of candidates. Use the inline Copy button on any phrase, or Copy all to grab the entire list.
5. 5Read the entropy in bits and the strength label on the right. Aim for 60 or more bits for online accounts and 80 or more for password managers and disk encryption.

About this tool

Passphrase Generator builds strong, memorable passwords by stringing together random words from a curated list of common English vocabulary, the approach popularized by EFF Diceware and the XKCD comic 'correct horse battery staple'. Each word is picked uniformly at random using crypto.getRandomValues, the browser's standard cryptographic source, so the result is genuinely unpredictable rather than seeded from Math.random. With around 11 bits of entropy per word, a six-word passphrase clears the 60-bit threshold most security guides recommend for online accounts, an eight-word passphrase clears 80 bits (the common bar for password managers, master vault passwords, and disk encryption), and ten or more words push you well into multi-decade territory even against fast unsalted hashes. The options on the left let you tune the output for the site you are using it on: pick the word count (3 to 12), choose a separator (dash, space, dot, underscore, or none for camel-style runs), set capitalization (lowercase, Title, UPPERCASE, or random per letter for sites that demand mixed case), and optionally append a random digit or symbol when a form rejects passphrases that have neither. The result panel shows a fresh batch of candidates with one-click copy, plus a live entropy reading in bits, a strength label from Weak through Extremely strong, and a crack-time estimate based on a pessimistic ten trillion guesses per second offline attack against an unsalted fast hash; real servers using PBKDF2, bcrypt, or argon2 slow attackers far below this rate, so the estimate is intentionally a worst-case bound. Word selection, randomness, and entropy math all run in your browser. Wordlist data, options, and generated phrases are never sent over the network, never logged, and never persist after you close the tab. Useful when you want a long, memorable password for a vault, a SaaS login, an email account, a Wi-Fi network, or anywhere you need to type the password by hand often enough that a random character string would be miserable.

Free to use. Works in your browser. No signup, no login.