A passphrase is a sequence of random words such as correct-horse-battery-staple that is simultaneously memorable for humans and cryptographically strong against attackers.
Loading Password Generator…
Diceware-style random word selection
Configurable word count (4–8 words)
Separator customisation (-, space, none)
No sign-up required
Drop the Password Generator into any page — blog post, product docs, intranet, school portal — with a single line of HTML. Your visitors get the full tool, processed entirely in their browser. No backend, no uploads, no signup.
Embed code
<iframe
src="https://www.fixtools.io/utilities/password-generator?embed=1"
width="100%"
height="780"
frameborder="0"
style="border:0;border-radius:16px;max-width:900px;"
title="Password Generator by FixTools"
loading="lazy"
allow="clipboard-write"
></iframe>Attribution-friendly: a small "Powered by FixTools" link appears in the embed footer.
Human memory simply does not work well with arbitrary strings of mixed characters. A password like k7 hash Bz exclamation nine mWqL2pX has high entropy and would satisfy any complexity policy, but it is practically impossible for most people to memorise reliably, which forces them to either write it down on paper near the device it protects or store it in a place that defeats the purpose of having a strong credential at all. Passphrases solve this problem by leveraging the way human memory actually works. We are extraordinarily good at remembering sequences of concrete words, especially when those words form a memorable or absurd mental image that the brain can rehearse during the encoding phase. A six word passphrase drawn from a seventy seven hundred word Diceware list has approximately seventy seven bits of entropy, which exceeds the security of a random twelve character password while being dramatically easier to commit to long term memory through association and repetition.
The security of a passphrase depends on exactly two factors, and both must be chosen carefully to achieve the security level you intend. The first factor is the size of the word list from which the words are drawn. A larger word list means more possible choices per word and therefore more entropy per word. The standard Diceware list contains seven thousand seven hundred and seventy six words, which corresponds to five rolls of a six sided die and gives twelve point nine bits of entropy per word. The second factor is the number of words in the passphrase. Five words from a Diceware list gives roughly sixty five bits of entropy, which is solid for everyday accounts. Six words gives seventy seven bits, which is strong enough for master passwords protecting password vaults and full disk encryption keys. The critical requirement underlying both factors is that the words are chosen by a cryptographic random process and not selected by a human, because human word selection is heavily biased toward common predictable words and undermines the entropy calculation.
Passphrases are most valuable for credentials that you must type from memory regularly rather than retrieve from a password manager every time. The canonical example is the master password of the password manager itself, which by definition you cannot store inside the manager. Another important case is the passphrase that unlocks a full disk encryption volume at boot, which is typed before the operating system has loaded the password manager. SSH key passphrases also belong in this category, as do any account credentials you might need to access from a friend's computer or a public terminal where your manager is unavailable. For everything else, where your password manager is the day to day access path, a random character password is equally secure and uses less screen space, so the passphrase format is not always the right choice.
A practical observation about passphrase memorisation is that the absurdity of the word combination matters more than people expect. A passphrase like correct-horse-battery-staple sticks in memory precisely because the image of a horse holding a battery and a staple is bizarre and visual, and the brain encodes bizarre images far more reliably than mundane ones. When you generate a passphrase, take a few seconds to construct a brief mental scene that involves all the words in the order they appear. The more peculiar the scene, the faster it locks in and the longer it survives in long term memory even after extended periods of not typing the passphrase. This memorisation technique, sometimes called the method of loci or simply the story method, transforms a passphrase from a sequence of arbitrary words into a single coherent unit that recalls itself effortlessly.
Choose 5–6 random words with a hyphen separator for a passphrase that balances memorability and strength.
Step-by-step guide to generate a passphrase online:
Choose your word count
Select five or six words for a master password or a credential you will type regularly, because that range gives the right balance between entropy and memorisation effort. Use four words for lower stakes applications where memorability dominates, and seven or eight words only for extreme cases like long term archive encryption keys where you can afford a heavier credential.
Select a separator
Hyphens are the most practical separator for typing and work reliably across every system that accepts the passphrase. Spaces work well for spoken passphrases but can be trimmed by some password fields. Using no separator at all makes the passphrase slightly harder to type and to read back, so reserve that option for cases where you have tested compatibility with the destination system.
Generate and memorise
Click generate to produce a candidate passphrase. Spend three to five focused minutes constructing a vivid mental image that links the words together in their generated order. Recite the passphrase aloud or in your head several times before closing the browser tab so that the initial encoding is solid before you rely on it as a credential.
Write it down temporarily if needed
If you cannot memorise the passphrase immediately and reliably, write it on a single piece of paper and store the paper in a physically secure location such as a locked drawer at home. Destroy the paper as soon as you have the passphrase memorised. Never store the paper near the device the passphrase protects, and never photograph it onto an unencrypted phone.
Common situations where this approach makes a real difference:
Password manager master password
A user setting up Bitwarden or 1Password for the first time generates a six word passphrase as the master password that will unlock the rest of their digital life. They spend five focused minutes memorising it by constructing a vivid mental scene linking all six words in order, then type it several times to confirm recall, and never forget it despite typing it daily for years afterward.
Disk encryption key
A laptop user enabling full disk encryption with LUKS, FileVault, or BitLocker chooses a five word passphrase for the volume key because it must be typed at boot before the password manager is available. The passphrase is strong enough to resist offline attack on the encrypted volume and memorable enough to type at startup without resorting to a sticky note on the laptop lid.
Shared account with a team
A small team that occasionally needs to type a shared account password in front of colleagues or read it aloud over a phone line chooses a passphrase rather than a random string. The natural words are easier to communicate verbally without errors than a sequence of mixed case symbols, and the passphrase format works in environments where dictation accuracy matters more than maximum cryptographic density.
Use this for master passwords (password manager, disk encryption), passwords that must be typed from memory frequently, or for any account where memorability matters as much as security.
Get better results with these expert suggestions:
Create a vivid mental story connecting the words
The fastest reliable way to memorise a passphrase is to construct a brief absurd mental scene involving all the words in their generated order. The more unusual and visual the image, the more memorable it becomes because the brain encodes peculiar scenes far more deeply than ordinary ones. This memory technique, known as the method of loci or the story method, can make a six word passphrase stick after only three or four deliberate recitations, and the resulting recall typically remains stable for years.
Test recall before committing the passphrase
After generating and studying your passphrase, close the browser tab and attempt to recite all the words in the correct sequence from memory. If you can do this three times in a row with a short delay between each attempt, the passphrase is sufficiently memorised for daily use as a long term credential. Do not commit a passphrase as your master password until you have passed this informal test, because losing the master password of a password manager is a uniquely painful failure mode.
Write it on paper during the memorisation period only
It is acceptable, and sometimes prudent, to write a passphrase on a single piece of paper during the initial memorisation period of the first few hours or days, provided the paper is stored in a physically secure location such as a locked drawer or a home safe. Once you can recall the passphrase reliably without prompts, destroy the paper. The brief window of risk from the written copy is smaller and more controllable than the risk of permanently forgetting the only credential that unlocks your password manager.
Use a hyphen separator for the best typing experience
Hyphens are present on every standard keyboard layout including the on screen keyboards of phones and tablets, can be typed in a single keystroke without a shift modifier, and visually separate words clearly in password fields that show the typed characters as you go. Space separators work well for passphrases you speak aloud but can cause unexpected behaviour in some password fields that trim leading or trailing whitespace, so hyphens are the safer default unless you have a specific reason to use a different separator.
Use 5–6 words for the right balance
A 4-word passphrase has roughly the same security as a 10-character random password. A 6-word passphrase exceeds a 20-character random password in entropy. Five to six words is the sweet spot between memorability and strength.
Do not modify the words
Adding "1" to the end of a passphrase or capitalising one word reduces entropy significantly because these modifications are predictable. Use the words as generated, with a separator.
Passphrases are ideal for things you type regularly
For your password manager master password, which you type multiple times daily, a passphrase is far more practical than a 20-character random string. You can memorise it in minutes.
More use-case guides for the same tool:
Other tools you might find useful:
Open the full Password Generator — free, no account needed, works on any device.
Open Password Generator →Free · No account needed · Works on any device