How to use
- Drag the Words slider to set how many words the phrase holds. It sits at five by default; the range runs from three to ten.
- Choose a Separator from the dropdown — hyphen is preselected because most password fields accept it. Space, dot, or none are the alternatives.
- Tick Capitalise each word or Append a digit if a site demands an uppercase letter or a number. Leave both off when nothing forces them.
- Press Generate new passphrase to draw a fresh set of words. One appears the moment the page loads, and any change to the slider, separator, or checkboxes redraws immediately.
- Use the Copy button above the output, then read the Entropy and Offline crack time stats below to confirm the phrase is strong enough for where it’s going.
How it works
The first time you generate, the browser fetches the EFF long wordlist — 7,776 words — and caches it for the rest of the page’s life. For each word position, the tool asks crypto.getRandomValues() for a uniformly random index into that list and reads out the word there. The words are joined with your chosen separator; a capital or trailing digit is layered on afterwards if you asked for one.
Strength is pure arithmetic, not a heuristic. Because every word is an independent, uniform draw from 7,776 options, each contributes log₂(7776) ≈ 12.9 bits. A five-word phrase therefore carries 5 × 12.9 ≈ 64.6 bits, meaning the process could have produced 7776⁵ ≈ 2.8 × 10¹⁹ equally likely results.
Worked through with real output: suppose the generator hands you marmalade-cranberry-hubcap-antler-glacier. Five words, hyphen-separated, no digit — 64.6 bits. The crack-time stat then assumes an offline attacker grinding 10¹⁰ guesses per second and reports the average hit, half the keyspace: 2⁶⁴·⁶ ÷ 2 ÷ 10¹⁰ seconds, which rounds to roughly 45 years. Slide up to six words and that same figure jumps past a thousand centuries, because each word multiplies the keyspace by 7,776.
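The draw and the arithmetic above, as an added example (not this tool's own source). The page does not say how the tool turns crypto.getRandomValues() output into an index, so rejection sampling is an assumption here, shown as one standard way to keep the index uniform. The function names and SAMPLE_WORDS are made up for illustration.

```javascript
// Added example. SAMPLE_WORDS is a constructed stand-in for the 7,776-word list.
const SAMPLE_WORDS = ["alpha", "bravo", "charlie", "delta"];
const LIST_SIZE = 7776;

// Return an integer in [0, n) with no modulo bias.
// A raw 32-bit value taken "% n" favours low indexes whenever 2^32 is not a
// multiple of n. For n = 7776 the last 2,560 values of the 32-bit range form
// an incomplete block, so they are discarded and a new value is drawn.
function uniformIndex(n, rng = globalThis.crypto) {
  const range = 2 ** 32;
  const limit = range - (range % n); // largest multiple of n that fits
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);         // reject the biased tail
  return buf[0] % n;
}

// One independent draw per word position, joined with the separator.
function generatePassphrase(words, count, separator = "-", rng = globalThis.crypto) {
  const picked = [];
  for (let i = 0; i < count; i++) {
    picked.push(words[uniformIndex(words.length, rng)]);
  }
  return picked.join(separator);
}

// Each uniform, independent word contributes log2(listSize) bits.
function entropyBits(count, listSize = LIST_SIZE) {
  return count * Math.log2(listSize);
}

// Average offline crack time in years: half the keyspace at a fixed guess rate.
function averageCrackYears(bits, guessesPerSecond = 1e10) {
  const secondsPerYear = 365.25 * 24 * 3600;
  return 2 ** bits / 2 / guessesPerSecond / secondsPerYear;
}
```

The entropy figure only holds if the index is uniform and the phrase is used as drawn, which is why the biased tail is rejected rather than folded back in with a plain modulo.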
Use cases & limitations
This is the tool to reach for when a person, not a machine, has to hold the secret: a password-manager master password, a laptop or full-disk-encryption login, a Wi-Fi key you’ll read aloud to a house guest, an SSH key passphrase. A run of ordinary words is far kinder to human memory and to phone keyboards than an equivalent block of random symbols, at the same or better entropy.
Two honest limits. First, length is the cost of memorability — a 64-bit passphrase is around forty characters of typing, where a random password reaches the same strength in a dozen. For anything a password manager stores and fills for you, the shorter password wins on every axis except recall. Second, the wordlist is fetched over the network the first time you generate, so a cold page with no connection can’t produce a phrase; once loaded, everything runs locally. If you only need a short numeric code rather than words, the PIN generator is the better fit, and you can pressure-test any phrase you settle on with the password strength checker.
Privacy note
Only the wordlist itself crosses the network, and only once — your browser downloads the 7,776-word file from our server the same way it downloads the page. Which words you actually draw is decided on your device by crypto.getRandomValues() and written straight into the output box. No passphrase, no slider position, and no copy action is ever transmitted, logged, or stored. Open your browser’s network tab and generate as many phrases as you like: after that first wordlist fetch, you’ll see nothing leave.