Passphrase Generator
Generate memorable passphrases using random words with custom separators and capitalization (XKCD method)
Security: 4 words ≈ 44 bits of entropy. Each additional word adds ~11 bits!
How to Use the Passphrase Generator
1. Select how many words (3-10 words)
2. Choose a separator: dash, space, dot, or random numbers
3. Enable "Capitalize" for CamelCase style
4. Click "Generate" for a new passphrase
5. Passphrases are easy to type and remember!
What You Get
Random words from a 2000-word dictionary. Each word adds ~11 bits of entropy. 4 words ≈ 44 bits, 6 words ≈ 66 bits.
Input: 4 words, dashes
Output: correct-horse-battery-staple
Input: 5 words, capitalize
Output: Tiger-Mountain-River-Garden-Castle
What is a passphrase and why is it secure?
A passphrase uses random words instead of characters. With 2000 words, 4 words = 2000^4 = 16 trillion combinations. Each word adds about 11 bits of entropy.
How many words should I use in a passphrase?
4 words minimum for casual use. 5-6 for important accounts. 7+ for master passwords or high-security needs.
Is this the XKCD correct horse battery staple method?
Yes. Inspired by XKCD comic #936. Random word combinations are both memorable and highly secure.
Can I use a passphrase for my master password?
Yes, passphrases are ideal for master passwords. They are easy to type and remember while being very secure.
What separator should I use between words?
Dashes are common and easy to type. Spaces, dots, or numbers also work. The separator adds slight extra entropy.
Should I capitalize words in my passphrase?
Optional. Capitalizing first letters adds convenience for some interfaces but minimal extra security. Random words are the key to security.
How long is a 4-word passphrase compared to a regular password?
About 20-30 characters typically. A 4-word passphrase has about 44 bits of entropy, equivalent to a random 8-character password using all character types.
Is my passphrase stored anywhere?
No. Generated 100% locally in your browser using cryptographic randomness. Nothing is ever sent to any server.
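The sketch below is an added example, not this site's own code. It shows one way to pick words with the Web Crypto API without modulo bias and to compute the entropy figures quoted above. The function names and the 8-word sample list are constructed for illustration; the entropy estimate holds only when every word is chosen uniformly and independently.

```javascript
// Added example: names and the tiny word list are constructed for illustration.
// Web Crypto is global in browsers and current Node; older Node exposes it via node:crypto.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Uniform integer in [0, n) by rejection sampling. A plain `x % n` over a
// 32-bit draw is slightly biased whenever n does not divide 2^32.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 2 ** 32) throw new RangeError("bad n");
  const limit = Math.floor(2 ** 32 / n) * n; // largest multiple of n <= 2^32
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit); // discard draws from the uneven tail
  return buf[0] % n;
}

// Entropy in bits of `count` independent, uniform picks from `listSize` words.
function entropyBits(listSize, count) {
  return count * Math.log2(listSize);
}

function generatePassphrase(words, count = 4, { separator = "-", capitalize = false } = {}) {
  const unique = [...new Set(words)]; // duplicates would skew the distribution
  if (unique.length < 2) throw new RangeError("word list too small");
  if (!Number.isInteger(count) || count < 3 || count > 10) {
    throw new RangeError("count must be 3-10"); // range offered by the page
  }
  const picked = [];
  for (let i = 0; i < count; i++) {
    const w = unique[randomIndex(unique.length)];
    picked.push(capitalize ? w[0].toUpperCase() + w.slice(1) : w);
  }
  return {
    passphrase: picked.join(separator),
    bits: entropyBits(unique.length, count), // counts word choice only
  };
}

// Constructed 8-word list (3 bits per word); a real list would have ~2000 entries.
const SAMPLE_WORDS = ["tiger", "mountain", "river", "garden", "castle", "horse", "battery", "staple"];
const { passphrase, bits } = generatePassphrase(SAMPLE_WORDS, 5, { capitalize: true });
console.log(passphrase, `(${bits} bits from this sample list)`);
console.log("2000-word list, 4 words:", entropyBits(2000, 4).toFixed(1), "bits");
```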
Passwords are generated locally in your browser. Nothing is sent to our servers.