Skip to content

Passphrase Generator

Create a random passphrase of 3 to 12 words drawn from the EFF short wordlist, Diceware style, using your browser's own cryptographic randomness. Every word adds 10.3 bits of entropy, so the default six words gives about 62 bits. Nothing is sent anywhere; generation happens on your device.

Ready0 bits · cracked in

Words come from the EFF short list of 1,296. Easy to say, hard to guess.

Separator
Works offline Web Crypto randomness Nothing stored or sent

What a passphrase is and why random words win

A passphrase is a password built from whole words instead of scrambled characters, with each word chosen at random from a fixed list. Six words from this generator's 1,296 word list carry about 62 bits of entropy, more than an 8 character random password, and you can actually type them on a phone.

The idea comes from Diceware, a method from the 1990s where you roll dice and match the numbers against a printed wordlist. Physical dice are hard to bias, which is the whole point. The words themselves mean nothing; they are just a human friendly way to write down a very large random number.

This page keeps the math and drops the dice. Words come from the EFF short wordlist and are selected with crypto.getRandomValues, the same browser API our strong password generator uses for random character strings. Rejection sampling removes the slight bias a naive modulo would introduce, and no network request fires during generation.

Why do words beat a short scramble? Because memory and typing are the real constraints. A random 8 character password like Kw2#pV9! holds 51 bits and is nearly impossible to keep in your head. Six random words hold 62 bits, and after typing them a dozen times you will know them cold. When a password manager does the remembering, random characters are still the better pick. Passphrases exist for the passwords a machine cannot type for you.

How much strength each word adds

Each word drawn at random from a list of 1,296 adds 10.3 bits of entropy (log base 2 of 1,296). Word count is the only setting that really matters: three words is 31 bits, five is 52, seven is 72. Against an offline attacker, that is the gap between under a second and about 10,000 years.

WordsEntropyOffline crack time
331 bitsUnder a second
441 bitsAbout 2 minutes
552 bitsAbout 2 days
662 bitsAbout 8 years
772 bitsAbout 10,000 years

Crack times assume an offline attacker testing 10 billion guesses per second who finds the passphrase halfway through the keyspace, the same model we use across the site.

Those are worst case numbers. They apply when someone has stolen a password database and can hammer the hashes on their own hardware. A live login form limits attempts and locks accounts, which slows guessing by a factor of millions, so even a four word passphrase holds up well against online attacks. Plan for the offline case anyway; breaches happen often enough that you should assume your hash will leak eventually.

One more honest note: these estimates assume the attacker knows exactly which wordlist you used. The numbers do not depend on the list staying secret, only on the words being chosen at random, and that is what makes them trustworthy. For a closer look at how crack times are calculated, see our guide on how long a password should be.

Looking for a 3 word password generator?

You are in the right place: drag the word slider above down to 3 and this becomes one. Be aware of the trade, though. Three random words is about 31 bits of entropy, which an offline attacker at 10 billion guesses per second exhausts in under a second.

That does not make three words useless. Against a rate limited login form, 31 bits still means millions of failed attempts before a likely hit, so a throwaway forum account or a one time signup will survive. The problem is any account tied to your identity or your money. Your email account can reset every other password you own, so it deserves the same protection as your bank.

Our advice: 3 words for accounts you would not miss, 5 words as the floor for anything real, and 6 or 7 for the passwords that guard everything else. If a site's length limits make a long passphrase awkward, our memorable password generator builds shorter pronounceable passwords that still come from real randomness.

Where passphrases work best

Use a passphrase for anything you type by hand or must keep in your head: your password manager's master password, laptop and phone logins, disk encryption, and Wi-Fi. For the hundreds of accounts a manager autofills, stick with random character strings, which pack more strength into fewer characters.

The master password is the classic case. It is the one password you cannot store in the manager itself, you type it every day, and everything else depends on it. CISA's guidance accepts a memorable passphrase of 4 to 7 unrelated words as an alternative to a 16 character random password. For this particular job, take 7.

Wi-Fi keys are another natural fit. WPA2 and WPA3 accept 8 to 63 printable characters, a five or six word passphrase sits comfortably in that range, and a guest can read it off a note card without asking you to repeat it four times. Our Wi-Fi password generator covers the router specific details, including why WPA2 networks need longer keys than WPA3.

Separators, capitals, and the added digit

The separator buttons (hyphen, period, space, and the rest) exist for readability and compatibility, not strength. Cracking tools try the common separators automatically, so switching from hyphens to periods adds almost nothing. The same goes for the capitalize switch: predictable capitalization is worth a bit or two at most.

So why offer them? Site rules. Plenty of login forms refuse any password without an uppercase letter or a digit, so the generator can capitalize each word and tack a random digit onto one of them. Treat those switches as compliance tools. When you actually want more strength, add a word; each one is worth 10.3 bits, more than every formatting option combined. For a fuller comparison of the two styles, read our passphrase vs password guide.

Questions? Say less.

How many words should a passphrase have?

Five words (52 bits of entropy) is the sensible floor for accounts that matter, and six (62 bits) is our default because it survives about 8 years of offline guessing at 10 billion attempts per second. For a password manager master password or disk encryption, go to seven words, which pushes the estimate past 10,000 years.

Is a 3 word password safe?

Not for anything important. Three words from a 1,296 word list is about 31 bits of entropy, and an offline attacker testing 10 billion guesses per second gets through that in under a second. It holds up against rate limited login forms, so a throwaway account is fine, but email and banking deserve five words or more.

What is the difference between a passphrase and a password?

A password is a string of individual characters, usually random ones like V9df#kQ2. A passphrase strings together whole words picked at random from a list. Character passwords pack more entropy per character, while passphrases pack more entropy per second of typing and are far easier to remember. Both are strong if generated randomly and made long enough.

Why can't I choose my own words?

Because people pick predictably. Favorite animals, song lyrics, and household objects show up constantly in cracked password dumps, and attackers run tools that try common word combinations first. All of the strength in a passphrase comes from random selection off the full 1,296 word list. Pick the words yourself and the math on this page no longer applies.

Do separators and capital letters add strength?

A little, not much. Capitalizing each word or switching the separator adds a few bits at best, since cracking tools test those variations automatically. One extra word adds a full 10.3 bits, more than every formatting trick combined. Use separators for readability, use capitals and a digit to satisfy site rules, and add a word when you want real strength.

What wordlist does this generator use?

The EFF short wordlist: 1,296 words, each between three and five letters, screened to remove confusing or unpleasant entries. Because 1,296 is 6 to the fourth power, every word carries about 10.3 bits of entropy, the same as four rolls of a die. You can read the full list and its design notes at eff.org.

Is this a diceware generator?

Same method, different dice. Classic Diceware has you roll physical dice and look up words on a numbered list. This page draws numbers from your browser's crypto.getRandomValues instead, with rejection sampling so every word has an identical chance. No network request happens during generation, which you can confirm in the DevTools Network tab.

Your next password takes two seconds.

Free, instant, and private. Generate a strong one now and drop it straight into your password manager.

Generate a password