Generate Passphrase Password

Security researchers recommend at least 5 random words for general use (about 64 bits of entropy with Diceware) and 7 words for high-security applications (about 90 bits). Each additional word roughly doubles the difficulty of a brute-force attack. The famous XKCD 'correct horse battery staple' example uses 4 words, which is now considered the minimum.

Diceware uses physical dice rolls to select words from a curated list of 7,776 words. Each word adds 12.9 bits of entropy. You roll five dice per word and look up the result in the word list. This method ensures truly random selection — no algorithm or software involved. It is the gold standard for generating memorable passphrases, especially for master passwords.

Adding random numbers or symbols between words increases entropy modestly. For example, 'correct7Horse!battery2Staple' is stronger than 'correcthorsebatterystaple'. However, adding one more random word typically provides more entropy than inserting symbols. If the system requires numbers or symbols, insert them between words rather than replacing letters in predictable ways.

A single-word passphrase is vulnerable, but multi-word passphrases drawn randomly from a large word list are extremely resistant. An attacker trying all 5-word combinations from a 7,776-word Diceware list faces over 28 trillion trillion possibilities. The strength comes from the random combination of words, not from the obscurity of individual words.