
Passphrase Generator

Generate secure passphrases from random words. Ideal for master passwords and encryption keys you need to memorize. Free, browser-based, no signup.

About this passphrase generator

A passphrase is a password made of multiple random words — like "marble-sunset-notebook-river" — instead of a string of random characters. The concept was popularized by the XKCD comic "correct horse battery staple" and formalized by the Diceware method. Passphrases solve a specific problem: they provide high entropy while remaining memorable enough to type without a password manager. A four-word passphrase from a large word list provides roughly 50-60 bits of entropy; six words provide 75-90 bits. The trade-off is length — passphrases are typically 20-40 characters long but far easier to remember than a 16-character random string. Use passphrases for your password manager master password, full-disk encryption passphrase, or any credential you must memorize. For everything else, use a shorter fully random password stored in your manager.

The origin and security of the Diceware method

The Diceware method was created by Arnold Reinhold in 1995 as a way to generate passphrases with provable, verifiable randomness using nothing more than physical dice and a published word list. The original Diceware list contains 7,776 words — exactly 6^5, the number of possible outcomes from rolling five dice. Each word has a unique 5-digit index (11111 through 66666), and the selection process is simple: roll five dice, note the number, look up the corresponding word. Repeat for each word in the passphrase. The entropy is mathematically certain: each word contributes log₂(7,776) ≈ 12.9 bits, and four words give ~51 bits while six words give ~77 bits. The EFF (Electronic Frontier Foundation) released an improved Diceware word list in 2016 using more common English words and eliminating potentially offensive entries, making the passphrases easier to type and remember without reducing security. Both lists are published openly and audited by the security community.

Calculating passphrase entropy

Passphrase entropy depends on the size of the word list and the number of words, not the length in characters. This is a crucial distinction from character-based passwords. With the EFF Diceware list of 7,776 words, each word contributes log₂(7,776) ≈ 12.9 bits of entropy. Four words: ~51 bits. Five words: ~64 bits. Six words: ~77 bits. Seven words: ~90 bits. Compare this to character-based passwords: a 12-character random password with full ASCII provides ~79 bits. A 6-word passphrase (~77 bits) is approximately equivalent in entropy. The key difference is that 6 words are far easier to memorize than 12 random characters. Adding a random number between some words adds approximately 3-4 bits per digit; adding a symbol adds approximately 5-6 bits. A 6-word passphrase with two embedded numbers and a symbol provides roughly 85-90 bits — comfortably strong for a master password that is subject to offline attack.
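
The Diceware lookup and the entropy arithmetic described above, as an added example (not this site's generator code). A CSPRNG stands in for physical dice, `demoLookup` is a constructed placeholder for a real word list such as the EFF list, and all function names are illustrative.

```javascript
// Added example: Diceware-style selection with a CSPRNG standing in for physical dice.
// Web Crypto is global in browsers and recent Node; older Node exposes it via node:crypto.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

const DICE_PER_WORD = 5;
const LIST_SIZE = 6 ** DICE_PER_WORD; // 7,776 entries, keys 11111..66666

// One fair die roll (1-6). Bytes >= 252 are rejected so the 252 = 42 * 6
// accepted values map evenly onto six faces (no modulo bias).
function rollDie() {
  const buf = new Uint8Array(1);
  for (;;) {
    rng.getRandomValues(buf);
    if (buf[0] < 252) return (buf[0] % 6) + 1;
  }
}

// Five rolls form the lookup key for one word, e.g. "24163".
function rollKey() {
  let key = '';
  for (let i = 0; i < DICE_PER_WORD; i++) key += rollDie();
  return key;
}

// Zero-based position of a key in the sorted list: base-6 digits, each die minus 1.
function keyToIndex(key) {
  if (!/^[1-6]{5}$/.test(key)) throw new RangeError(`not a 5-dice key: ${key}`);
  return [...key].reduce((acc, d) => acc * 6 + (Number(d) - 1), 0);
}

// Entropy depends only on list size and word count, not on character length.
function entropyBits(wordCount, listSize = LIST_SIZE) {
  return wordCount * Math.log2(listSize);
}

// `lookup` is a caller-supplied function mapping a key to a word from the real list.
function generatePassphrase(wordCount, lookup, separator = '-') {
  if (!Number.isInteger(wordCount) || wordCount < 1) throw new RangeError('wordCount must be >= 1');
  const words = [];
  for (let i = 0; i < wordCount; i++) words.push(lookup(rollKey()));
  return words.join(separator);
}

// Constructed stand-in lookup (not real list entries) so the block runs offline.
const demoLookup = (key) => `w${key}`;
console.log(generatePassphrase(6, demoLookup), entropyBits(6).toFixed(1), 'bits');
```

The entropy figure holds only when every word is drawn independently and uniformly; rerolling until the result "looks nice" reduces it.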

Passphrases for full-disk encryption

Full-disk encryption (FDE) protects all data on a drive if it is stolen or the device is lost. On Linux, LUKS (Linux Unified Key Setup) is the standard; on macOS, FileVault uses a passphrase to protect the volume encryption key; on Windows, BitLocker uses a PIN or recovery key. The passphrase for FDE deserves special attention because the encrypted volume can be copied and attacked offline — an attacker who obtains the encrypted disk can attempt to guess the passphrase without any lockout mechanism, testing millions of candidates per second with GPU acceleration. A 6-word passphrase provides ~77 bits of entropy, which against current GPU cracking rates would take thousands of years to exhaust. A 4-word passphrase (~51 bits) is less safe — with dedicated hardware, 51-bit keyspaces have been exhausted in academic demonstrations. For full-disk encryption specifically, six words is the practical minimum, and adding numbers and a symbol to reach 85-90 bits is recommended.

Using passphrases with two-factor authentication

Even the strongest passphrase benefits from a second authentication factor, particularly for accounts that are accessed over the internet. Two-factor authentication transforms the security model: instead of requiring an attacker to guess the passphrase alone, they must simultaneously possess both the passphrase and a physical device (phone or hardware key) — a far harder combination to achieve. For a password manager with a passphrase master password, some managers (Bitwarden, 1Password) support 2FA for vault access. This is highly recommended: even if someone learns your master passphrase (shoulder surfing, a compromised device), they cannot access the vault without your second factor. For full-disk encryption and computer login passphrases, 2FA integration is less common but some enterprise configurations support smart card or hardware token requirements alongside a passphrase. At minimum, ensure that the device itself (the laptop or phone) has physical security appropriate to its risk level.

Teaching passphrases to people new to security

Passphrases are one of the most approachable security concepts for people who find complex random passwords intimidating. The idea that "four random words is more secure than a complex-looking short password" is counterintuitive to many people, but once explained with examples it tends to be memorable and motivating. Security trainers and IT departments often use passphrases as an entry point to better password habits because they are immediately actionable: anyone can generate four random words from a physical dictionary and start using a stronger password today. Family members who struggle with complex passwords benefit from passphrases — a parent or grandparent can memorize "purple-table-river-lamp" far more reliably than "xK#9mQ$2". The usability advantage means people actually use them correctly rather than reverting to weak passwords out of frustration. For IT professionals training non-technical colleagues, starting with passphrase education and a free password manager installation provides an immediate and lasting security improvement.


FAQ

Common questions

How many words should my passphrase have?

At least four words for moderate security (~50-60 bits). Six words for high security (~75-90 bits). For a password manager master password, six words is the recommended minimum.

Should I add numbers and symbols to a passphrase?

Adding a number and symbol (e.g., "marble-sunset7-notebook!river") increases entropy by roughly 10-15 bits and makes the passphrase resistant to pure dictionary attacks. It is a worthwhile addition for minimal memorability cost.

Is a passphrase stronger than a regular password?

Per character, no — passphrases have lower entropy density. But a 6-word passphrase (~77 bits) that you can actually remember and type correctly is far more practical than a 12-character random string (~79 bits) that you will write on a sticky note.

What word list should passphrases use?

The EFF Diceware list (7,776 words) is the standard. Each word contributes ~12.9 bits of entropy. Avoid using common phrases, song lyrics, quotes, or personally meaningful words — the words must be randomly selected.

Can I use a passphrase for accounts other than my master password?

Yes, but it is not the most efficient choice for stored passwords. A passphrase is 20-40 characters long — if a password manager stores it, a 16-character random string provides comparable security in far fewer characters. Reserve passphrases for credentials you must memorize.

Why is the Diceware method considered more trustworthy?

Diceware uses physical dice to introduce genuine physical randomness, independent of any software random number generator. Each die roll cannot be predicted or influenced by software bugs or biases. The result is provably random word selection from a published, audited word list, making the entropy calculation verifiable and trustworthy.

How do I create a Diceware passphrase manually?

Roll five standard dice and read the five-digit number (e.g., 2-4-1-6-3 = 24163). Look up that number in the EFF Diceware word list to find the corresponding word. Repeat for each word in your passphrase. Five dice rolls per word, six words minimum. The result is a provably random passphrase with ~77 bits of entropy.

Are multi-word passphrases vulnerable to phrase-guessing attacks?

Only if the words are chosen in a predictable pattern (common phrases, song titles, quotes). Randomly selected words from a large word list — where each word is independent of the others — are not vulnerable to phrase guessing. An attacker would need to try every combination of words from the list, which for 6 words from 7,776 is 7,776^6 ≈ 2.2 × 10^23 combinations.
