What Is a Passphrase and Why Should You Use One?
A passphrase is a sequence of randomly selected words joined by a separator character. Unlike traditional passwords composed of jumbled letters, numbers, and symbols, passphrases leverage the vast combinatorial space of human language to create credentials that are both highly secure and genuinely memorable. The concept was popularized by the XKCD webcomic, which demonstrated that four common English words chosen at random can exceed the entropy of a shorter but more complex password.
The reason passphrases work so well is rooted in information theory. The EFF publishes two diceware lists: a 1,296-word small list (about 10.34 bits per word) and a 7,776-word large list (about 12.92 bits per word). For maximum memorability, this tool uses a curated 300-word subset where each word contributes approximately 8.23 bits of entropy. The honest trade-off: about four bits less per word than the EFF large list, in exchange for shorter and more familiar words. With our list, a four-word passphrase delivers around 33 bits, five words reaches about 41 bits, six words about 49 bits, and seven words about 58 bits. To match a longer EFF-large passphrase, just add a couple more words from our list.
The Diceware Method Explained
Diceware is a technique invented by Arnold Reinhold in 1995. The original method involves rolling five physical dice to produce a five-digit number, then looking up that number in a word list to find the corresponding word. By repeating the process several times you build a passphrase word by word. Because each die roll is physically random, the resulting passphrase is free from the cognitive biases that weaken human-chosen passwords.
Our tool replicates the diceware principle digitally. Instead of rolling dice, we call the Web Crypto API to obtain cryptographically secure random numbers, which are then mapped to words in our curated word list using an unbiased rejection-sampling algorithm. The result is identical in quality to a physical dice roll, but instantaneous, and a fresh passphrase is a single click away. Every word is selected independently, ensuring the full entropy of the list is preserved.
How Many Words Do You Need?
The number of words in your passphrase directly determines its strength. As a general guideline, three words is the minimum for any use, but four words is the practical starting point for most online accounts. For sensitive applications like your primary email, password manager master password, or full-disk encryption key, five to six words is recommended. If you are protecting classified or high-value assets, consider seven or eight words.
Keep in mind that adding a single word to your passphrase multiplies the total number of possible combinations by the size of the word list. Going from four words to five words with a 300-word list multiplies the search space by 300, far more effective than adding a random digit or symbol to the end. When in doubt, add another word rather than making the passphrase more complex with special characters.
Passphrase Best Practices
Always generate your passphrase using a cryptographic random source rather than picking words yourself. Humans are notoriously poor at choosing random words and tend to select related or common words, drastically reducing entropy. Use a different passphrase for every account. While passphrases are easier to remember than random strings, a password manager is still the best way to handle dozens of unique credentials.
When choosing a separator, hyphens are the most popular option because they are easy to type on any keyboard layout, including mobile devices. Avoid using a separator that might conflict with the service's password rules; some systems disallow spaces, for example. Finally, never share your passphrase with anyone or store it in plain text. If you must write it down temporarily while memorizing it, keep the note in a physically secure location and destroy it once you have committed the passphrase to memory.
Real-World Passphrase Examples and Their Strength
The abstract entropy numbers become concrete when you put them next to a stopwatch. The table below shows several passphrase configurations alongside the brute-force time at 100 billion guesses per second, which approximates a well-funded attacker running optimized GPU code against a fast hash like SHA-256. Times against slower hashes such as bcrypt or Argon2 would be thousands of times longer.
| Example | Words / List | Entropy | Crack Time |
|---|---|---|---|
| cat-dog-fish | 3 / our 300 | ~24.7 bits | Seconds |
| otter-glide-rapid-vault | 4 / our 300 | ~33 bits | Under a second on a fast hash |
| cedar-ribbon-lattice-marsh-cobalt | 5 / our 300 | ~41 bits | ~3.5 minutes |
| otter-glide-rapid-vault-cone-ridge | 6 / our 300 | ~49 bits | ~16 hours |
| 7 words from our list | 7 / our 300 | ~58 bits | ~9 years |
| 7 EFF-large words (reference) | 7 / EFF 7,776 | ~90.5 bits | ~570 million years |
Two things stand out. First, with our 300-word list a four-word passphrase falls almost instantly against a fast unsalted hash; the trade for memorability is real, and four words from a 300-word list is only acceptable for accounts behind strict rate limits. Second, the move from six to seven words is the practical inflection point on our list: it pushes crack time from hours into years against a fast hash. For a master credential, lean toward seven or more words from our list (or use a generator backed by the full EFF 7,776-word large list, where six words already reaches 77+ bits).
The same passphrases against bcrypt with cost factor 12 (around 10,000 hashes per second on the same hardware) become roughly 10 million times harder to crack. A six-word passphrase from our list against bcrypt is already in the "centuries" range. The takeaway is that the strength of any specific passphrase depends as much on what the target service does with it as on the passphrase itself; assume the worst case (fast unsalted hash) and pick a length that survives it.
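The arithmetic behind the crack-time column, as an added example rather than anything from the page or the tool: keyspace divided by guess rate, using the two rates this section assumes (100 billion guesses per second against a fast hash, 10,000 per second against bcrypt at cost 12). The exhaustive figure is the attacker's worst case; on average a specific passphrase falls at half that.

```javascript
// Added example: crack-time estimates from list size, word count and guess rate.
// Guess rates are the page's stated assumptions, not measurements.
const GUESS_RATES = {
  fastHash: 1e11, // optimized GPU code against a fast hash such as SHA-256
  bcrypt12: 1e4,  // bcrypt, cost factor 12, same hardware
};

const SECONDS_PER_YEAR = 365.25 * 86400;

// Seconds to try every passphrase in the keyspace at the given rate.
function exhaustiveSeconds(listSize, words, guessesPerSecond) {
  return Math.pow(listSize, words) / guessesPerSecond;
}

// Expected time to hit one specific passphrase: half the keyspace on average.
function expectedSeconds(listSize, words, guessesPerSecond) {
  return exhaustiveSeconds(listSize, words, guessesPerSecond) / 2;
}

// Ratio between the two guess rates: how much harder the slow hash makes
// the identical passphrase.
function slowdownFactor() {
  return GUESS_RATES.fastHash / GUESS_RATES.bcrypt12;
}

// Render a duration in the coarse units the table uses.
function humanDuration(seconds) {
  const units = [
    ['year', SECONDS_PER_YEAR], ['day', 86400], ['hour', 3600],
    ['minute', 60], ['second', 1],
  ];
  for (const [name, size] of units) {
    if (seconds >= size) {
      const v = seconds / size;
      return `${v >= 1000 ? v.toExponential(2) : v.toFixed(1)} ${name}s`;
    }
  }
  return 'under a second';
}

// The two reference rows from the table above: 4 words from a 300-word list,
// and 7 words from the EFF large list, against both hash speeds.
for (const [listSize, words] of [[300, 4], [7776, 7]]) {
  const fast = exhaustiveSeconds(listSize, words, GUESS_RATES.fastHash);
  const slow = exhaustiveSeconds(listSize, words, GUESS_RATES.bcrypt12);
  console.log(`${words} words / ${listSize}-word list: ${humanDuration(fast)} (fast hash), ${humanDuration(slow)} (bcrypt cost 12)`);
}
```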
When NOT to Use a Passphrase
Passphrases are not the right answer everywhere. Several common situations push you back toward a random character password, and recognizing them up front avoids friction later.
- Strict maximum length limits. Some legacy systems still cap passwords at 12, 16, or even 8 characters. A passphrase of any meaningful strength runs 25 characters or more and simply will not fit. Generate a random password at the maximum allowed length instead, and complain to the vendor.
- Composition rules that require symbols. If a service mandates at least one symbol and at least one digit, a pure passphrase fails the policy check. You can append "-1!" to satisfy the rule, but at that point the random-character format is cleaner. Reserve passphrases for services with sane policies.
- Frequent typing on mobile keyboards. A 35-character passphrase with hyphens is faster to type on a hardware keyboard than a 16-character random password, but on a phone the autocorrect, capitalization, and word boundaries introduce errors. For accounts you log into primarily from mobile, a random password autofilled from your password manager is more reliable.
- Stored in a password manager already. The whole advantage of a passphrase is memorability. If the credential will live in your manager and never be typed by hand, you are paying the length cost without benefiting from the human-readability gain. A 20-character random password is denser per bit of entropy and just as easy to autofill.
- Voice or shoulder-surfing exposure. Passphrases are easy for someone nearby to hear or read. If you ever need to type the credential in a public space, a random string of similar-looking characters is harder to memorize at a glance than four English words.
- API keys and machine-to-machine secrets. Anything generated by a machine and consumed by a machine should be a high-entropy random string. Human-readability adds nothing and the structure of a passphrase can confuse parsers that split on whitespace or hyphens.
The general rule: passphrase when a human will type it from memory, random password everywhere else. Both belong in your toolkit. Neither is universally superior.
Frequently Asked Questions
What is a passphrase?
A passphrase is a password made up of multiple random words strung together, such as "correct-horse-battery-staple." Passphrases are typically longer than traditional passwords but far easier to remember, while still offering excellent security when generated randomly.
What is the diceware method?
Diceware is a method for generating passphrases by rolling physical dice to select words from a numbered list. Each word is chosen independently and at random, guaranteeing high entropy. Our tool replicates this process digitally using the cryptographically secure Web Crypto API.
How many words should my passphrase have?
For most purposes, 4 words provide approximately 33 bits of entropy from a 300-word list, which is adequate for low-risk accounts. For high-security accounts, use 5-6 words. For master passwords protecting a password manager vault, 6-8 words is recommended.
Is a passphrase more secure than a random password?
Both can achieve the same level of security. A 5-word passphrase from a large word list can match the entropy of a 10-character random password. The advantage of passphrases is memorability: humans can remember sequences of words much more easily than strings of random characters.
What is the XKCD passphrase method?
The XKCD method, popularized by the webcomic XKCD #936, suggests using four random common words as a password. The comic demonstrated that "correct horse battery staple" has more entropy and is easier to remember than a shorter complex password like "Tr0ub4dor&3".
Can I add numbers or symbols to my passphrase?
Yes, you can increase entropy by adding a random number or symbol between words or at the end. However, the primary strength of a passphrase comes from the number of words. Adding a fifth word gives more entropy than appending a single digit.
What separator should I use between passphrase words?
Common separators include hyphens (-), spaces, periods (.), and underscores (_). Hyphens are the most popular because they are easy to type on all devices. The separator itself adds minimal entropy; the security comes from the random words.
Is this passphrase generator safe to use?
Yes. All passphrases are generated entirely in your browser using the Web Crypto API (crypto.getRandomValues). No data is ever transmitted to any server. The word selection uses unbiased cryptographic randomness, the same quality used in TLS certificates.