Generate a Random Passphrase

Passphrases vs Passwords

A passphrase is a sequence of randomly selected words used as a password. Instead of k9$Rm2!pX7, a passphrase looks like:

correct horse battery staple

This concept was popularized by the XKCD comic #936 and has since been endorsed by security researchers and organizations including NIST.

Why Passphrases Work

A passphrase draws words from a wordlist. With a standard list of 7,776 words (the Diceware list):

Words	Entropy	Equivalent Password
4 words	51.7 bits	~8 random chars
5 words	64.6 bits	~10 random chars
6 words	77.5 bits	~12 random chars
7 words	90.5 bits	~14 random chars

Six words provides strong security while remaining memorizable.

Key Advantages

1. Memorability — humans remember words far better than random character strings
2. Typing speed — words are faster to type than mixed-case symbols
3. Error resistance — fewer typos compared to passwords like k9$Rm2!pX7
4. Length — passphrases are naturally long (30-50 characters), which helps even if individual words are guessable

Word Selection Criteria

The security of a passphrase depends entirely on random word selection:

• Use a CSPRNG to select word indices — never let humans pick the words
• Use a curated wordlist — short, common, easy-to-spell words
• Avoid proper nouns — they reduce effective dictionary size
• Each word must be independently random — no phrases, no related words

Separator Options

Words can be separated by different characters:

correct horse battery staple        (spaces)
correct-horse-battery-staple        (hyphens)
correct.horse.battery.staple        (dots)
CorrectHorseBatteryStaple           (PascalCase)

The separator choice does not significantly affect security since attackers assume common separators.

Recommended Configuration

Word count:    5-7 words
Wordlist size: 7,776 words (Diceware)
Separator:     Space, hyphen, or period
Optional:      Capitalize first letter of each word
Optional:      Append a random digit