This is a web app for generating passphrases that form grammatically correct sentences.

Passphrases are short sequences of common words that can be used as passwords. Because they are longer and more memorable than the sorts of passwords most people choose, they are generally considered to be more secure.

Sequences of words are easier to remember when they form sentences, even if those sentences are nonsensical.

Well, yes... but it turns out not by much. In this case, knowing that an adjective is likely to be followed by a noun only reduces the possible number of words by half, or by one bit of entropy. This is offset by having grammatical variation, such as singulars and plurals, or past or present tenses.

Entropy is a measure of the amount of information contained in a password. Each additional bit of entropy means it would take an attacker twice as long to crack your password. Based on the number of words used by this generator, passphrases with 4 or 5 words have an entropy of around 40-50 bits.

The calculations provided by zxcvbn are based on blind entropy, in other words they're not assuming any knoweledge of the type of password that is being used. On the other hand, the 40-50 bits of entropy are calculated based on the number of possible phrases generated by this site - in other words, it is a measure of how secure the passwords are if you're being targetted by an attacker who knows that you get your passwords from this site. In most cases, this is an extremely conservative estimate, and the longer estimate provided by zxcvbn is more likely to be accurate.

For simplicity, the passphrases all follow the same grammatical construction: noun phrase, verb, noun phrase. The noun phrases may contain adjectives and may have definite or indefinite articles, and the verb can be either present or past tense. The words are selected at random from lists of 2048 nouns, adjectives, and verbs.

The best solution to this problem is to use a password manager, such as LastPass or 1Password. These are apps that will remember most of your passwords for you, and automatically fill them in on websites. This page is meant for the few occasions that you can't use a password generator and actually have to remember your passwords, such as for computer logins.

The worst solution is to reuse the same password over and over again for different services. If you do this, the moment one website you use gets hacked because it has poor security, all of your accounts are vulnerable. Never reuse passwords.

Well, ideally not. But the phrases from this site are generated locally on your computer, and are never sent to a server. The source code for this project is open source and is published on GitHub, so you can review it to make sure it does what I say.

Great! Let me know by opening an issue here and I'll fix it.