Memorable Passphrase Generator

Generate a passphrase or paste any password to test - everything runs in your browser, nothing is stored or transmitted.
Entropy -
0 bits
 
Crack time (offline, 100B guesses/sec)
-
6
Passphrase Tips
  • 6+ words for general use, 7+ for masters
  • Use for password manager master key
  • Never reuse across accounts
  • Avoid adding personal info to the phrase

Diceware Passphrases - Memorable and Strong

A passphrase strings together random words from a large list. Six random words from the EFF Large list - 7,776 entries - give you about 77 bits of entropy. That is stronger than a 12-character random password, and far easier to type or remember.

Per-Character vs Per-Word

A random printable-ASCII password packs about 6.57 bits per character (log2 of 95). An EFF Large word packs 12.92 bits, but a word averages six characters - so a passphrase carries roughly 2.15 bits per character. Character for character, a random password wins on raw entropy. Paste a 16-character random string into the tool and you will see something north of 100 bits. A six-word passphrase shows 77.

That comparison is the wrong frame. The axis that matters for the secrets you hold in your head is bits per unit of memorisation effort. Six unrelated words go into long-term memory after a few days of typing them. Sixteen unrelated symbols do not - they live in a password manager, and almost nobody recalls them without help.

Where the Strength Actually Sits

If you are typing the password by hand and storing it nowhere, six EFF words and a 12-character random string land at roughly the same place: about 77 bits. The passphrase is much easier to memorise correctly. Use it for the few secrets you must hold in head - the master password to your manager, full-disk encryption, the passphrase on your SSH key.

For everything else, the manager generates a 16+ character random per site. You never type or remember it, so the extra entropy is free. Trying to memorise 16-character randoms by hand almost always backfires - the human substitute looks like Spring2024! and has perhaps 30 real bits, not the 105 a calculator would claim for the random version.

How Strength Is Calculated

Paste any string into the input and the tool picks one of two entropy models. If the string parses as a diceware passphrase - tokens separated by common delimiters that match the EFF Large list - it uses n_words × log2(7776) bits plus small bonuses for capitalisation, appended digits, and symbols. Otherwise it falls back to charset bruteforce: length × log2(charset_size) across whichever character classes appear.

Crack time assumes 100 billion guesses per second - GPU clusters against fast hashes like MD5 or SHA-1. Bcrypt or Argon2id push that figure down by four orders of magnitude or more, but if a password store leaks with weak hashing, this is the rate you want to design against.

Best Practices

  • Use at least 6 words for general use, 7+ for high-value accounts
  • Pick the EFF Large list - words are unambiguous and easy to type
  • Generate, do not invent - human-chosen words have predictable patterns
  • Store in a password manager unless it is your master passphrase
  • Enable two-factor authentication wherever supported

Related Tools

Password Generator Hash Generator HMAC Generator UUID/GUID Generator

Passphrase Questions

Length wins, and words are easier to remember than random characters. Six EFF Large words give roughly 77 bits of entropy - stronger than a 12-char random password, and you can actually type it from memory.

Six is the sweet spot for general use - about 77 bits of entropy, takes centuries to crack offline. Seven or eight for password manager master keys, disk encryption, and anything truly critical. Four words is too few in 2026.

A curated list of 7,776 unambiguous English words built by the Electronic Frontier Foundation for diceware passphrases. Words are 3-9 letters, easy to type, and chosen to minimise typos. Each word adds about 12.9 bits of entropy.

Yes. Word selection uses the browser's Web Crypto API for cryptographically secure randomness. The word list and generation run entirely in your browser - check DevTools, nothing leaves your machine.

Memorise the one passphrase that unlocks your password manager. Everything else - let the manager generate and store strong unique passwords per site. One memorable passphrase, hundreds of random passwords behind it.