Why are word-based passwords easier to remember?

People recall whole words far better than random character strings. A passphrase like "Coral-Anchor-Drift-42" is easy to memorise yet, with four random words from a large list, is much harder to brute-force than a short complex password.

What does the entropy number mean?

Entropy in bits measures how many guesses an attacker would need on average. Each added bit doubles the search space, so 60 bits is about a billion times harder to crack than 30 bits. Aim for 60-plus bits on important accounts and 80-plus where you can.

Is this password generation actually random?

Yes. Every word, number, and symbol is chosen with the browser's cryptographic random source via crypto.getRandomValues, using rejection sampling to avoid modulo bias. The result is genuinely unpredictable, not a seeded pseudo-random sequence.

Does the password ever leave my device?

No. Generation happens entirely in your browser with no network requests and no storage. Nothing is logged or transmitted, and the copy action writes only to your local clipboard.

Should I still use a password manager?

Yes. Memorable passphrases are ideal for the few passwords you must type from memory, such as your device login or your password manager's master password. For everything else, store unique random passwords in a manager.

Memorable Password Generator

A password you cannot remember gets reused or written down — both worse than the password itself. This tool builds passphrases from random dictionary words, an approach popularised by Diceware and the famous “correct horse battery staple” comic, giving you strings that are easy to recall yet hard to guess.

How it works

The generator picks several words at random from a curated list of about 250 short, easy-to-spell English words, joins them with your chosen separator, and optionally capitalises each word, appends a number, and adds a symbol. Randomness comes from crypto.getRandomValues with rejection sampling, so there is no modulo bias.

The entropy estimate assumes the worst case — that an attacker knows your exact recipe and word list — and adds up the independent choices:

entropy (bits) = words × log2(list size)
               + log2(10000)   [if a number is appended]
               + log2(8)       [if a symbol is appended]

With a 250-word list, each word contributes about 8 bits, so a four-word passphrase plus a number lands near 45 bits, and six words plus a number and symbol comfortably exceeds 60.

Tips and notes

Length beats complexity. Adding one more random word raises entropy far more than swapping a letter for a symbol — favour more words over more punctuation.
Use the number and symbol options only to satisfy site rules that demand them; they add little entropy compared with an extra word.
A passphrase’s strength assumes the words are chosen randomly. Picking your own “memorable” words from your life destroys the security — let the tool choose.
Reserve memorised passphrases for the handful of passwords you must type by hand; let a password manager generate and store the rest as long random strings.