Your browser is too old: it does not support the necessary APIs for this web application.

This is a truly secure password generator that generates easy-to-remember passwords.


Options

The Idea

We tend to associate secure passwords with complicated and hard-to-remember passwords. But it doesn't have to be this way.

We make password difficult to guess by increasing entropy — the degree of uncertainty in the password. The higher the entropy, the harder it is to guess the password.

One way of increasing entropy is to make passwords more complicated. Another way is to make the password longer, but keeping it simple, as the following xkcd comic shows:

xkcd comic about password strength
To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize.

The core idea is that while using a single dictionary as a password is horribly insecure and can be cracked in seconds, each additional word makes cracking exponentially harder.

There is a lot of criticism on the internet about this password scheme. However, most of them fail to get the actual point. There are also claims that correcthorsebatterystaple is as secure as a 9 character password, which sounds fairly bad. This is true if your 9 character password is truly random, such as n98idhi3n, and not say, Tr0ub4d0r. The point is that, correcthorsebatterystaple is more memorable than n98idhi3n, for approximately equal security. To increase security, we can always add more words.

5 words from the large list, or 6 words from the small list is sufficient for all reasonable threats.

Let us consider the absolute worst case, assuming the attacker knows your password is generated by this site, knowing that it has 65 bits of entropy, your password was insecurely hashed, and your enemy has GPUs to run 500 billion attempts every second. Even then, this scheme will resist the cracking attempt for over a year.

Running this sort of attack is prohibitively expensive. Unless you possess highly valuable secrets that makes this sort of effort worthwhile (you should use something more secure than passwords in such a case), you don't have to worry about this hypothetical scenario. If you have to, you can simply add more words.

In practice, most real life systems use secure password hashing algorithms, captchas, and other mechanisms to stop password cracking. It is unlikely that your attacker can reach anywhere close to a million guesses a second, and so a four word password (from the large list) is probably sufficient in real life. If you are paranoid and want to feel better, use five.

Frequently Asked Questions

Why did you make this website?

I made this website because I wanted a good password generator. I know the xkcd-style password scheme is fairly secure and easy to remember, especially if you increase the length, and it's simple enough to understand and verify. Most programmers can audit the source code of this website to ensure security.

Another major part of the reason is that a lot of the similar websites fail to generate passwords securely: for example, they used Math.random(), which is not a cryptographically secure random number generator, and should never be used to generate passwords. This website aims to avoid such pitfalls, and provide a truly secure experience.

Why is this site more secure than alternatives?
  1. I have a large list of 8192 words.
  2. All passwords are generated on your computer. No one else will see it.
  3. I use window.crypto.getRandomValues() — the only cryptographically-secure random number generator in JavaScript, instead of Math.random(), whose use is explicitly discouraged for this purporse.
  4. The source code is available on GitHub. You can audit the code all you want, and build your own trusted version locally.
Bruce Schneier says this password scheme is broken. Is it?

Bruce Schneier completely missed the point:

Modern password crackers combine different words from their dictionaries:

This is why the oft-cited XKCD scheme for generating passwords -- string together individual words like "correcthorsebatterystaple" -- is no longer good advice. The password crackers are on to this trick.

Excuse me, Bruce, but the entropy calculation for this password scheme is based on the absolute worst case scenario: that the attackers knows exactly which words you have to choose from, and attempts to guess every possible combinations from the known dictionary.

In essence, we are assuming the attacker is more than on to this trick already. Whether attackers are on to this trick is completely therefore irrelevant to its security. If Bruce Schneier thinks using four words is insufficiently secure, he should be suggesting five or six words, not shamelessly promoting his own password generation scheme.

If you don’t believe me, that’s okay. Check out this post on the Information Security Stack Exchange. The top four answers (with vast majority of the votes) agree with me, and they provide more details and additional material to support xkcd-style passwords.