What a passphrase is
It works by randomly picking unrelated words and joining them with a separator, like river-tiger-cloud-42. It's easier to type and remember than a random string while still being long enough.
The key is that the words are chosen at random, not by a person. This generator's passphrase mode does exactly that.
Why it's strong
A passphrase's entropy is roughly 'number of words × log2(word-list size)'. Picking just 4 random words from a large word list already reaches a level that's very hard to break by brute force.
How to make a good one
Tips for a secure passphrase.
- At least 4 words, and 5–6 for important accounts
- Always pick the words at random (don't choose them yourself)
- Join them with a separator like a hyphen or underscore
- Append a number or capital letter if needed to meet rule requirements
Common misconceptions
Famous quotes, song lyrics and proverbs are predictable and unsuitable as passphrases. Without randomness, a passphrase is weak no matter how many words it has.