The Readable Passphrase Generator generates passphrases which are (mostly) grammatically correct but nonsensical. These are easy to remember (for humans) but difficult to guess (for humans and computers).

Developed in C# with a KeePass plugin, console app and public API.

See MakeMeAPassword to generate readable passphrases online (without KeePass).

The KeePass plugin and console app runs under Windows and Linux.

If you like the Readable Passphrase Generator you can donate to support development, or just say thanks.

Donate $5

Recent Changes

  • Version 0.17
    • Fix serious non-random password bug.
    • All users should upgrade to this version as soon as possible
    • It is highly recommended to reset any passphrases generated in the last 4 years
    • Versions of the plugin affected by this bug will crash KeePass 2.36+, you must upgrade to 0.17 or newer.
  • Version 0.16
    • Fix cases where custom phrase definitions can cause exceptions (issue).
    • 14,171 words in the default dictionary (~25 more than 0.14 release).
  • Version 0.15
    • Add support for an arbitrary delimiter between words (issue).
    • 14,147 words in the default dictionary (~500 more than 0.14 release).
  • Version 0.14.1
    • Fixed a bug which can cause a crash with the upper case whole word mutator.
  • Version 0.14.0
    • Added additional uppercase "mutators" which make whole words and sequences (or runs) of letters uppercase.
    • Added another numeric "mutators" which adds numbers at the end of the passphrase.
    • Fixed mutators so they work correctly when no spaces in a passphrase (eg: when making a WiFi passphrase)
    • 13,580 words in the default dictionary (~400 more than previous release).
  • Version 0.13.0
    • Added "mutators" which add uppercase and numbers to passphrases (to help complying with upper, lower, number complexity rules).
    • Additional API methods which help consuming the generator from 3rd party c# projects.
    • 13,160 words in the default dictionary (~600 more than previous release).
  • Version 0.12.0
    • Expanded the Random phrase strength to 4 in total.
      • Random doesn't generate quite as many insanely long phrases.
      • RandomShort, RandomLong and RandomForever are new options.
    • Allow adjectives to stand in for nouns (eg: the blind one throws a duckbill )
    • Add numbers as part of phrases (eg: 293 rats eat the cheese )
    • Hooking into KeePass's update checks, so you'll be notified sooner of a new version.
    • Fixed misspelling 'speech' across the whole application (hey! at least I was consistently wrong).
    • 12,536 words in the default dictionary (~1900 more than previous release, many are the numbers 1..999).

Why use it?

Because you can make passphrases which are as strong as traditional "strong" passwords (8 letters long, upper, lower, numbers, etc) which you can memorise in 5 minutes instead of 5 days. (And its fun to read the phrases it generates!)

Use this passphrase to protect:
  • Your KeePass, 1Password, LastPass or favourite password manager database.
  • You computer login at home or work.
  • Your eBay, Facebook, Google, OpenID or other high value account.
  • Your Internet banking account.

Some examples passphrases:
  • a wound rebuffs an incline
  • the statesman will burgle amidst lucid sunlamps
  • plaid foresails repel ashamedly upon the birdbath
  • 234 readers affably build the untouched athlete
  • Sydney reasoned "an edible sleeve fumbles the argumentative float"

Download KeePass plugin (requires KeePass Password Safe) or Window / Linux Console Application.
KeePass Plugin Step By Step Guide.

Why Bother At All?

(Warning: geek stuff follows)

XKCD Password Strength Comic

Because XKCD wrote a cool comic about password strength! And when Jeff Atwood and Ars Technica kick up a stink, well you listen.

More seriously, we're told the best password is at least 8 characters 12 characters long, contains upper and lower case letters, numbers and punctuation symbols. Unfortunately, this makes the "best" password something which looks like gibberish and is, frankly, quite hard for ordinary people to remember.

Perhaps something like: 3h4o.%\vJACj

I used to generate 12-16 character passwords like this and memorise them. It would commonly take up to two weeks of typing them in multiple times per day. All told, I've memorised perhaps 10 of these in my life. They get used for my KeePass database, Windows logons (at work and home) and Truecrypt volume, but nothing else because I can't afford to memorise any more (lest I memorise a password and my address falls out of my brain!).

That is all too hard!

So we resort to taking a some word from the dictionary, capitalise a few letters, turn an o into a 0 and stick some punctuation at the end: like our friend Tr0ubador&3 . Only problem is, while that is easy to remember (well, easier according to XKCD), its also trivially easy for a computer to guess.

I memorised the statesman will burgle amidst lucid sunlamps after typing it twice. And, even if some evil hacker knows my dictionary (which it will, because its included with this project), that passphrase is still equivalent to an 11 letter password with upper, lower, numbers and symbols (using the 13k word dictionary from version 0.13).

Much, much easier, I think. (So does my wife!)

Last edited Mar 3 at 10:02 PM by ligos, version 41