Secure passphrase generator
Generate a memorable multi-word passphrase using cryptographically secure randomness. Nothing is transmitted — generation happens entirely in your browser.
Choose a word count, pick a separator, then hit Generate. Five or more words is recommended for most accounts.
Passphrase generator
Word count
Separator
Style
—
How this tool works
Each word is chosen independently using crypto.getRandomValues(),
which produces unpredictable numbers from the OS entropy pool. The word index is derived
from those numbers using rejection sampling (no modulo bias). The 450-word list embedded in
the page gives roughly 8.8 bits of entropy per word.
Entropy compounds with each word: five words ≈ 44 bits, six ≈ 53 bits. Crack time estimates assume an attacker can make 1 billion guesses per second offline — the approximate speed of a powerful GPU cluster on a fast hashing algorithm. Accounts with login rate-limiting are far harder to crack in practice.
About this tool
Generates memorable passphrases in the "Correct-Horse-Battery-Staple" style using window.crypto.getRandomValues() — the browser's cryptographically secure random number generator. Choose 4–7 words, pick a separator, and see the entropy and estimated crack time for each result.
Frequently asked questions
Is this truly random and secure?
Yes. The generator uses window.crypto.getRandomValues(), which is the browser's cryptographically secure pseudo-random number generator (CSPRNG) — the same source used for generating TLS session keys. No server is involved. Your passphrase is generated locally and never transmitted anywhere.
Why use a passphrase instead of a random character password?
Random character passwords (like "X#4zQp!9") are compact but very hard to remember without a password manager. Passphrases trade a small amount of density for dramatically better memorability — most people can commit "surge-wolf-anvil-frost" to memory without writing it down. Both are secure at equivalent entropy.
How many words do I need?
5 words gives roughly 44 bits of entropy — adequate for most website accounts, especially ones with rate-limited login. 6 words gives ~52 bits, which is strong for general use. For a master password or an account with no lockout protection, use 6 or 7 words.
What word list does this use?
A curated list of 450 common English words — short, easy to spell, easy to pronounce, and unambiguous. The list is embedded in the page. You can view it in the browser console (window.WORDS).