Is a passphrase more or less secure than a random password?

It depends on the number of words. A 4-word passphrase drawn from a large word list has approximately the same entropy as a 10-character random password. A 6-word passphrase exceeds a 20-character random password. The advantage of a passphrase is that it is memorable.

Diceware is a passphrase generation method invented by Arnold Reinhold that uses dice rolls to select words from a large standardised list. The randomness comes from the dice. FixTools generates passphrases using the same principle but with a cryptographically random selection process.

Should I capitalise words or add numbers to my passphrase?

No. Adding predictable modifications (capitalising the first word, adding "1" at the end) is a common pattern that password crackers explicitly account for. The passphrase is strongest when used as generated, with only a separator.

Browse tools

Free · Fast · Privacy-first

Generate a Passphrase Online

A passphrase is a sequence of random words (e.g., "correct-horse-battery-staple") that is both memorable and cryptographically strong. FixTools generates Diceware-style passphrases that are easy to remember and computationally infeasible to crack.

⚡ Use Tool Now How it works

Cost: Free forever
Sign-up: Not required
Processing: In your browser
Privacy: Files stay local

⚡

Diceware-style random word selection

🔒

Configurable word count (4–8 words)

✨

Separator customisation (-, space, none)

Utility Tool

Password Generator

All processing happens in your browser — your files are never uploaded to any server.

🚀Open Password Generator

100% Free · No account · Works on any device

How to use this tool

💡

Choose 5–6 random words with a hyphen separator for a passphrase that balances memorability and strength.

How It Works

Step-by-step guide to generate a passphrase online:

1
Choose your word count
Select 5–6 words for a master password or regularly-typed password. Use 4 words for lower-security applications.
2
Select a separator
Hyphens are the most practical separator for typing. Spaces work well too. No separator makes the passphrase harder to type but slightly harder to crack.
3
Generate and memorise
Generate the passphrase. Spend 3–5 minutes creating a mental image that connects the words in order. Recite it several times before closing the browser.
4
Write it down temporarily if needed
If you cannot memorise it immediately, write it on paper and store the paper somewhere physically secure. Destroy the paper once you have the passphrase memorised.

Real-world examples

Common situations where this approach makes a real difference:

Password manager master password

A user setting up Bitwarden for the first time generates a 6-word passphrase as their master password. They spend 5 minutes memorising it by creating a mental image connecting the words, and never forget it.

Disk encryption key

A laptop user enabling full-disk encryption chooses a 5-word passphrase for the encryption password — strong enough for disk encryption, and memorable enough to type at startup without a post-it note.

Shared account with a team

A team that occasionally needs to type a shared account password in front of colleagues uses a passphrase rather than a random string — it is easier to communicate verbally in an emergency without being overheard as clearly.

When to use this guide

Use this for master passwords (password manager, disk encryption), passwords that must be typed from memory frequently, or for any account where memorability matters as much as security.

Pro tips

Get better results with these expert suggestions:

Use 5–6 words for the right balance

A 4-word passphrase has roughly the same security as a 10-character random password. A 6-word passphrase exceeds a 20-character random password in entropy. Five to six words is the sweet spot between memorability and strength.

Do not modify the words

Adding "1" to the end of a passphrase or capitalising one word reduces entropy significantly because these modifications are predictable. Use the words as generated, with a separator.

Passphrases are ideal for things you type regularly

For your password manager master password, which you type multiple times daily, a passphrase is far more practical than a 20-character random string. You can memorise it in minutes.