Security guide

Passphrases: Easy to Remember, Hard to Crack

A passphrase is a password made by joining several randomly chosen words, capturing both strength and memorability.

What a passphrase is

It works by randomly picking unrelated words and joining them with a separator, like river-tiger-cloud-42. The result is easier to type and remember than a random string of characters, while still being long enough to resist guessing.

The key is that the words are chosen at random, not by a person. This generator's passphrase mode does exactly that.

Why it's strong

A passphrase's entropy, in bits, is roughly number of words × log2(word-list size), provided every word is picked at random. Picking just 4 random words from a large word list already reaches a level that's very hard to break by brute force.

How to make a good one

Tips for a secure passphrase:

  • At least 4 words, and 5–6 for important accounts
  • Always pick the words at random (don't choose them yourself)
  • Join them with a separator like a hyphen or underscore
  • Append a number or capital letter if needed to meet a site's password rules
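
The entropy formula and the tips above, put together as an added example (not the code of the generator this page describes). The word list is a small constructed sample, and the 7776-word figure is an assumed list size (that of the Diceware list), not a number from this page.

```python
import math
import secrets

# Constructed sample list, for demonstration only: 16 words give just 4 bits
# per word. Real use needs a list of several thousand words.
SAMPLE_WORDS = ["river", "tiger", "cloud", "maple", "stone", "amber", "frost",
                "candle", "harbor", "meadow", "pepper", "violin", "saddle",
                "lantern", "orbit", "thistle"]


def entropy_bits(num_words, list_size):
    """Entropy of num_words independent, uniform picks from list_size words."""
    return num_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, num_words=4, separator="-", add_digits=False):
    """Return (passphrase, entropy in bits), drawing from the OS CSPRNG."""
    unique = sorted(set(words))  # duplicates would make the estimate too high
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    # secrets.choice picks uniformly; repeats are allowed, so picks stay independent.
    parts = [secrets.choice(unique) for _ in range(num_words)]
    bits = entropy_bits(num_words, len(unique))
    if add_digits:
        # A random two-digit suffix adds log2(100) bits; a fixed suffix adds none.
        parts.append(f"{secrets.randbelow(100):02d}")
        bits += math.log2(100)
    return separator.join(parts), bits


if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS, 4, add_digits=True)
    print(f"{phrase}  ({bits:.1f} bits with this 16-word sample list)")
    for n in (4, 5, 6):
        print(f"{n} words from a 7776-word list: {entropy_bits(n, 7776):.1f} bits")
```

The entropy figure holds only because every word comes from the CSPRNG; the same words chosen by a person would not carry it.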

Common misconceptions

Famous quotes, song lyrics and proverbs are predictable and unsuitable as passphrases. Without randomness, a passphrase is weak no matter how many words it has.
