Passphrase Generator (Diceware)
Generate strong Diceware passphrases using the EFF wordlist and Web Crypto randomness. Memorable, high-entropy, and never transmitted anywhere.
What is Diceware?
Diceware is a passphrase generation method invented by Arnold Reinhold in 1995. The original technique uses five physical six-sided dice: rolling them once produces a five-digit number (e.g., 34152) which maps to a single word in a numbered wordlist of exactly 7776 entries. Repeating the process for each word in the passphrase gives a result with mathematically verifiable randomness. No computer required.
This tool replaces the physical dice with crypto.getRandomValues, the browser's CSPRNG. The result has equivalent statistical properties: each word is drawn uniformly from the wordlist, and each draw is independent. The entropy estimate shown is computed from the wordlist size and word count alone, with no dependence on the specific words chosen.
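The selection step described above, as an added example that is not this tool's own code: it assumes uniformity is obtained by rejection sampling over crypto.getRandomValues output and uses a constructed 7776-entry placeholder list in place of the EFF long list. The names uniformIndex, indexToDiceKey, entropyBits, generatePassphrase and PLACEHOLDER_LIST are hypothetical.

```javascript
// Added example, not the tool's own code. Default random source is the Web Crypto CSPRNG;
// the `fill` parameter (hypothetical) lets a caller or test inject a different source.
const webCryptoFill = (buf) => globalThis.crypto.getRandomValues(buf);

// Draw an integer uniformly from [0, n) by rejection sampling on 32-bit values.
// A bare `value % n` would slightly favour low indexes, because 2^32 is not a multiple of 7776.
function uniformIndex(n, fill = webCryptoFill) {
  if (!Number.isInteger(n) || n < 1 || n > 2 ** 32) throw new RangeError("n out of range");
  const limit = Math.floor(2 ** 32 / n) * n; // largest multiple of n that fits in 32 bits
  const buf = new Uint32Array(1);
  for (;;) {
    fill(buf);
    if (buf[0] < limit) return buf[0] % n; // values >= limit are discarded and redrawn
  }
}

// Map an index 0..7775 to the five-dice key it stands for (0 -> "11111", 7775 -> "66666").
function indexToDiceKey(index, dice = 5) {
  let key = "";
  for (let i = 0; i < dice; i++) {
    key = String((index % 6) + 1) + key;
    index = Math.floor(index / 6);
  }
  return key;
}

// Entropy depends only on list size and word count, never on the words drawn.
function entropyBits(listSize, wordCount) {
  return wordCount * Math.log2(listSize);
}

function generatePassphrase(wordlist, wordCount, fill = webCryptoFill) {
  const words = [];
  for (let i = 0; i < wordCount; i++) words.push(wordlist[uniformIndex(wordlist.length, fill)]);
  return { phrase: words.join(" "), bits: entropyBits(wordlist.length, wordCount) };
}

// Constructed stand-in list: 7776 placeholder entries named after their dice key.
// A real generator would load the EFF long list here instead.
const PLACEHOLDER_LIST = Array.from({ length: 6 ** 5 }, (_, i) => "w" + indexToDiceKey(i));
```

The rejected range is small (2560 of the 2^32 possible values for a 7776-word list), so a redraw is rare, but skipping the check is what introduces modulo bias.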
EFF wordlists
In 2016, the Electronic Frontier Foundation published revised Diceware wordlists designed for better memorability. Their long list (7776 words, matching the original five-dice format) replaces obscure terms and ambiguous words with common, concrete English vocabulary. Their short list (1296 words, four-dice format, 10.3 bits per word) is better suited to mobile typing where shorter words matter more. The EFF wordlists are licensed under Creative Commons Attribution 3.0. See the credits page for attribution.
How many words is enough?
At 5 words from the EFF Long list you get roughly 64 bits of entropy. That means a trillion-guesses-per-second attacker (offline, with a fast hash) would on average need hundreds of thousands of years to crack it, well beyond any practical threat model for a password manager entry. At 6 words (77 bits) you're safe against any foreseeable attack for any account, including master passwords. Add a 7th word for encryption keys or anything where the stakes are truly irreversible.
Passphrases versus passwords
A 6-word EFF passphrase and a 14-character random mixed-character password have comparable entropy. The passphrase wins on memorability (meaningful words in sequence are far easier to recall than a random string), but the random password is shorter and sometimes required by length-capped systems. For a password manager you type once per device, use a passphrase. For service accounts you manage programmatically and never type, use the random-character generator.
Entropy reference table
| Word count (EFF Long list) | Bits of entropy | Estimated crack time at 1B guesses/sec |
|---|---|---|
| 4 words | ≈51 bits | ~13 days (feasible for nation-states) |
| 5 words | ≈64 bits | ~585 years (safe for most threats) |
| 6 words | ≈77 bits | ~4.8 million years (very strong) |
| 7 words | ≈90 bits | ~39 billion years (effectively uncrackable) |
These times assume offline brute-force with fast hardware. Online login systems with rate limiting provide much stronger protection even at lower entropy.
Memorization techniques
The most effective method for remembering a passphrase is the story method: create a vivid, unusual mental narrative connecting your 5–6 words in sequence. The more bizarre and emotionally vivid the story, the more memorable it is.
Example passphrase: correct horse battery staple (the classic XKCD 936 example) -> visualize a horse riding a bicycle while wearing a correct school tie, carrying a battery that is stapled to a sign. The absurdity makes it stick. For links to mnemonic tools, see the Mnemonic Generator.
When NOT to use a passphrase
Some systems impose short maximum password lengths (16 or 20 characters is common, especially on older banking sites). A 6-word EFF passphrase averages about 30 characters and will be rejected by these systems.
In those cases, use a random character-based password generator and store the result in a password manager. Never truncate a passphrase to fit a length limit: a 4-word passphrase trimmed to 16 characters loses entropy, and the word-count estimate no longer applies to it.