Pronounceable Password Generator

How to use

1. 1Set the number of syllables. Four reads like a short word; use six or more for important accounts to keep the entropy high.
2. 2Pick a capitalization style. First letter or each syllable adds readable capitals; random per letter satisfies strict mixed-case rules.
3. 3Add trailing digits and symbols if a site requires a number or special character, using the two sliders.
4. 4Click Generate passwords for a fresh batch. Use the inline Copy button on any password, or Copy all to grab the whole list.
5. 5Check the entropy in bits and the strength label, which are measured from the pattern rather than the alphabet, so they do not overstate pronounceable passwords.

About this tool

Pronounceable Password Generator builds passwords from invented but speakable syllables, so the result reads like a short made-up word you can actually say and remember (for example Tanoke, Vidulo, or Pelaron) instead of an unreadable string like x7$Kp9!q. It sits deliberately between the two other password tools here: the Password Generator picks every character at random, which is maximally strong but impossible to memorize, while the Passphrase Generator joins whole dictionary words in the 'correct horse battery staple' style. This tool takes a third route that is popular with the classic pwgen and FIPS-181 style generators: each syllable is a randomly chosen consonant group followed by a randomly chosen vowel group, drawn from curated sets that include common digraphs like ch, sh, tr, and oo, so every output flows when you read it aloud and is easy to type by hand. Every byte of randomness comes from crypto.getRandomValues, the browser's standard cryptographic source, not Math.random, so the passwords are genuinely unpredictable. The most important difference from most pronounceable generators online is honesty about strength. A pronounceable password draws from a much smaller keyspace than a random one of the same length, because the structure removes most letter combinations, and reporting alphabet-size entropy would badly overstate it. This tool instead measures the actual generating process, counting the real number of choices at each step (which consonant group, which vowel group, each appended digit and symbol, and per-letter case when random capitalization is on) and summing log2 of each, so the bits shown are what an attacker who knows the pattern would truly face. The options let you set the syllable count (2 to 8), choose capitalization (lowercase, first letter, the start of each syllable for camel-style readability, or random per letter), and append up to four digits and up to four symbols at the end to satisfy sites that demand a number or special character without ruining the word part. The result panel shows a fresh batch of candidates with one-click copy, a live entropy reading, a strength label from Weak through Extremely strong, and a crack-time estimate based on a pessimistic ten trillion guesses per second offline attack against a fast unsalted hash; real servers using bcrypt, scrypt, argon2, or PBKDF2 slow attackers far below that, so treat the estimate as a worst case. Because pronounceability trades some raw strength for memorability, use six or more syllables for important accounts and never reuse a password across sites. Generation, randomness, and entropy math all run in your browser, so no password and no setting ever leaves your device.

Free to use. Works in your browser. No signup, no login.