Generate strong, memorable passphrases from random words. Easier to remember, just as secure as random characters.
Use ⌘ + D to bookmark this toolA passphrase is a sequence of random words used as a password. Instead of a string of random characters like "x7#kQ9$mP", you get something like "correct-horse-battery-staple" — much easier to remember, yet equally secure (or even more secure due to length).
The concept was famously illustrated by XKCD comic #936. A 5-word passphrase from a 7,776-word list provides approximately 64 bits of entropy — equivalent to a 10-character random password using all character types.
| Type | Example | Entropy | Memorability | Crack Time |
|---|---|---|---|---|
| 8-char password | Xy7#kP2m | 48 bits | Poor | ~1 year |
| 12-char password | qM8$vL3nRx!p | 79 bits | Very poor | 34,000 years |
| 4-word passphrase | correct-horse-battery-staple | 52 bits | Excellent | ~3 hours |
| 5-word passphrase | marble-sunset-kitchen-pilot-crane | 64 bits | Excellent | ~46 minutes* |
| 6-word passphrase | zebra-quantum-fuzzy-widget-ocean-lamp | 77 bits | Good | ~550 years |
* Crack times assume 10 billion guesses/sec against a fast hash (MD5). With proper hashing (bcrypt, Argon2), times increase by orders of magnitude.
marble-sunset-kitchen-pilotkX9#mQ2$vL3nOur passphrase generator aligns with NIST Special Publication 800-63B — the U.S. federal standard for digital identity authentication. Key requirements met:
Generate strong, random passwords with customizable length, character sets, and options.
Generate multiple unique passwords at once. Perfect for IT admins and account provisioning.
Generate cryptographically secure API keys, tokens, and secrets in multiple formats.
Generate strong, easy-to-share WiFi passwords for your home or office network.
Create a scannable QR code for your WiFi network. Guests connect instantly.
Generate cryptographically random PIN codes. Perfect for device locks and access codes.
Test how strong your password is. See estimated crack time, entropy, and suggestions.
Generate MD5 hashes from any text. Useful for checksums, cache keys, and legacy system compatibility.
Generate SHA-512 hashes using the native Web Crypto API. 512-bit security for signatures and integrity.
At least 5 words for strong security (~64 bits of entropy). Use 6-7 words for high-security accounts. Each additional word multiplies the difficulty of cracking by 7,776x.
We use a curated list of common English words. Each word is selected from a pool of 7,776 words, matching the EFF's recommended diceware standard.
It adds a small amount of extra entropy but isn't necessary if you use enough words. Adding a number and symbol can help meet specific site requirements that demand mixed character types.
They'd need to guess the exact combination. With 5 random words from 7,776, there are 7,776^5 ≈ 28 trillion combinations. At 10 billion guesses/sec, that takes over 46 minutes — and 6 words takes 250 days.
A passphrase can be equally or more secure than a traditional password, depending on word count. A 6-word passphrase provides ~77 bits of entropy — comparable to a 12-character random password — while being far easier to remember.
Yes. NIST SP 800-63B recommends using memorized secrets of sufficient length and discourages arbitrary composition rules (like requiring uppercase + symbol). Passphrases of 3+ random words exceed the minimum 64-bit entropy threshold.