About Passphrase Generator

Generates diceware-style passphrases from a 2048-word dictionary using crypto.getRandomValues() — the browser's cryptographically secure random number generator, not Math.random(). Each word contributes log₂(2048) = 11 bits of entropy. A 4-word passphrase gives 44 bits; a 6-word passphrase gives 66 bits. NIST 800-63B recommends passphrases over complex character-based passwords because they're both stronger (at typical lengths) and more memorable.

  • Uses crypto.getRandomValues() for cryptographically secure word selection — not Math.random()
  • Entropy per word: log₂(2048) = 11 bits. 4 words = 44 bits, 6 words = 66 bits, 8 words = 88 bits
  • Optional 2-digit number suffix adds ~6.6 bits of entropy
  • Separator choice (space, dash, dot, underscore, none) does not affect entropy since separators are known to an attacker
  • All generation happens in your browser — passphrases are never transmitted anywhere

Frequently Asked Questions

How is this different from the password generator?
The password generator creates random character strings (e.g. "kX7!mQ2p"). This tool creates word sequences (e.g. "Forest-River-Maple-Dawn"). Word-based passphrases are easier to remember and type, and can achieve equivalent or higher entropy at practical lengths.
How many words should I use?
4 words (44 bits) is adequate for most accounts with rate-limited logins. Use 5–6 words (55–66 bits) for accounts without rate limiting or for password managers. NIST 800-63B recommends passphrases of at least 15 characters; a 4-word passphrase typically exceeds that.

More Generators Tools

All Generators tools