Why a word passphrase beats a "complex" password
For years we were told to build passwords like Tr0ub4dor&3: short, with symbols and substitutions. The problem is they are hard for humans to remember and easy for machines to crack. A passphrase flips that logic: it uses several real words chosen at random, like sky-dog-table-wind. It is long (which is what matters for security) and memorable (which is what matters for you).
The technical key is entropy: how many possible combinations exist. Four random words from a list of 256 give 256⁴ ≈ 4.3 billion combinations. Decorations like swapping an a for an @ add very little entropy, because attackers know those tricks and try them first.
The famous "correct horse battery staple"
The idea went mainstream with the webcomic XKCD #936, titled Password Strength. It compares Tr0ub4dor&3 (about 28 bits of entropy, hard to remember) against correct horse battery staple (four common words, about 44 bits, easy to remember). The punchline that stuck: "Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess." This tool generates exactly that kind of passphrase, with real cryptographic randomness.
What diceware is
Diceware is a method published in 1995 by Arnold Reinhold. You roll five dice, note the result (say 3-1-6-2-4) and look that combination up in a numbered word list. You repeat for every word you want. The beauty is that each word is chosen with true physical randomness, not something that just "looks random". This generator replaces the dice with crypto.getRandomValues(), the browser's cryptographic randomness source, which is the recommended one for anything security-related.
How we calculate entropy
The formula is direct. If the list has N words and you pick k words at random (with repetition allowed), the entropy in bits is:
bits = k × log2(N) With our 256-word list, log2(256) = 8, so each word adds exactly 8 bits. On top of that we add the extras: turning on "append a number" adds about 3.3 bits (one digit 0–9), and capitalizing each word adds k bits (one upper/lower choice per word). The number you see on screen is the total entropy of your specific passphrase.
When to use more words
Not every account is worth the same. For forums or minor services, 4 words is plenty. For your main email, your password manager or a crypto wallet, go up to 5 or 6: every extra word multiplies the attacker's effort by 256. And remember the golden rule: a different passphrase per account. If you reuse and one leaks, they all fall. The ideal is to use this tool for the master passphrase of a password manager, and let the manager generate and store the rest.
Reference: words and entropy
With a 256-word list (log2 = 8 bits per word), no extras:
| Words | Combinations | Entropy | Level |
|---|---|---|---|
| 3 | 256³ ≈ 16.7 million | 24 bits | Weak |
| 4 | 256⁴ ≈ 4.3 billion | 32 bits | Acceptable |
| 5 | 256⁵ ≈ 1.1 trillion | 40 bits | Good |
| 6 | 256⁶ ≈ 281 trillion | 48 bits | Very good |
| 7 | 256⁷ ≈ 72 quadrillion | 56 bits | Strong |
| 8 | 256⁸ ≈ 1.8 × 10¹⁹ | 64 bits | Very strong |
Crack times assume a fast attacker trying 100 billion guesses per second (modern hardware against fast hashes). With slow, well-designed hashes the real time is much longer.