The Readable Passphrase Generator generates passphrases which are (mostly) grammatically correct but nonsensical. These are easy to remember (for humans) but difficult to guess (for humans and computers).

Developed in C# with a KeePass plugin, console app and public API.

See MakeMeAPassword to generate readable passphrases online (without KeePass).

The KeePass plugin and console app run under Windows and Linux.

Recent Changes

  • Version 0.12.0
    • Expanded the Random phrase strength to 4 in total.
      • Random doesn't generate quite as many insanely long phrases.
      • RandomShort, RandomLong and RandomForever are new options.
    • Allow adjectives to stand in for nouns (eg: the blind one throws a duckbill)
    • Add numbers as part of phrases (eg: 293 rats eat the cheese)
    • Hooking into KeePass's update checks, so you'll be notified sooner of a new version.
    • Fixed misspelling 'speech' across the whole application (hey! at least I was consistently wrong).
    • 12,536 words in the default dictionary (~1900 more than previous release, many are the numbers 1..999).
  • Version 0.11.0
    • Add direct speech phrase strength (...Speech) (eg: the desert declared the galaxy might risk a duckbill)
    • Fixed bug with intransitive verb grammar
    • 10,627 words in the default dictionary (~150 more than previous release)
  • Version 0.10.0
    • New phrase strength Random, which randomly chooses between all other strengths.
    • Random phrase strength is now the default.
      • If you have previously installed the KeePass plugin, you will need to change your settings to use Random strength.
    • Changed console app to generate 10 phrases by default so you can choose.
    • Added simple conjunctions as And phrase strengths. These add another noun to the passphrase.
    • Proper nouns are now used in Normal and Strong phrase strengths.
    • A Min and Max passphrase length configuration setting.
    • 10,482 words in the default dictionary (~5000 more than previous release, mostly proper nouns).
    • Added generation of CSV histograms of phrase length (in characters and words). Some graphs are available on Combination Counting.
  • Version 0.9.0
    • Combinations are now reported as a range and a weighted average. See Combination Counting for more details.
    • Console app has min and max length options to restrict the length of passwords generated.
    • Add a "Required" version of each strength, where there are no optional clauses (for the true security nerds).
    • 5426 words in the default dictionary (~2000 more than previous release)

Why use it?

Because you can make passphrases which are as strong as traditional "strong" passwords (8 letters long, upper, lower, numbers, etc) which you can memorise in 5 minutes instead of 5 days. (And it's fun to read the phrases it generates!)

Use this passphrase to protect:
  • Your KeePass, 1Password, LastPass or favourite password manager database.
  • Your computer login at home or work.
  • Your eBay, Facebook, Google, OpenID or other high value account.
  • Your Internet banking account.

Some example passphrases:
  • a wound rebuffs an incline
  • the statesman will burgle amidst lucid sunlamps
  • plaid foresails repel ashamedly upon the birdbath
  • 234 readers affably build the untouched athlete
  • Sydney reasoned "an edible sleeve fumbles the argumentative float"

Download KeePass plugin (requires KeePass Password Safe) or Windows Console Application.
Read step by step KeePass installation instructions.

Why Bother At All?

(Warning: geek stuff follows)

XKCD Password Strength Comic

Because XKCD wrote a cool comic about password strength! And when Jeff Atwood and Ars Technica kick up a stink, well you listen.

More seriously, we're told the best password is at least 8 characters 12 characters long, contains upper and lower case letters, numbers and punctuation symbols. Unfortunately, this makes the "best" password something which looks like gibberish and is, frankly, quite hard for ordinary people to remember.

Perhaps something like: 3h4o.%\vJACj

I used to generate 12-16 character passwords like this and memorise them. It would commonly take up to two weeks of typing them in multiple times per day. All told, I've memorised perhaps 10 of these in my life. They get used for my KeePass database, Windows logons (at work and home) and TrueCrypt volume, but nothing else because I can't afford to memorise any more (lest I memorise a password and my address falls out of my brain!).

That is all too hard!

So we resort to taking some word from the dictionary, capitalising a few letters, turning an o into a 0 and sticking some punctuation at the end: like our friend Tr0ubador&3. Only problem is, while that is easy to remember (well, easier according to XKCD), it's also trivially easy for a computer to guess.

I memorised the statesman will burgle amidst lucid sunlamps after typing it twice. And, even if some evil hacker knows my dictionary (which it will, because it's included with this project), that passphrase is still equivalent to a 7 letter password with upper, lower, numbers and symbols (using a tiny 750 word dictionary).

Much, much easier, I think. (So does my wife!)
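
The counting behind that comparison, as an added example (not the project's code): with the grammar and dictionary assumed known to the attacker, strength is the product of the word choices per slot, converted to bits and then to the length of a random password with the same entropy. The template, the mini word list and the 94-symbol alphabet are assumptions made here; the project's real grammar and dictionary differ.

```python
import math
import secrets

# Constructed mini-dictionary for illustration, NOT the project's word list.
WORDS = {
    "article": ["the", "a"],
    "noun": ["statesman", "sunlamp", "birdbath", "athlete"],
    "verb": ["burgles", "repels", "builds", "fumbles"],
    "preposition": ["amidst", "upon"],
    "adjective": ["lucid", "plaid", "edible", "untouched"],
}

# Hypothetical grammar template: (part of speech, optional?) for each slot.
TEMPLATE = [("article", False), ("adjective", True), ("noun", False),
            ("verb", False), ("preposition", False),
            ("article", False), ("adjective", True), ("noun", False)]

def generate(template, words):
    """Build one phrase; every choice is drawn from the OS CSPRNG."""
    out = []
    for pos, optional in template:
        if optional and secrets.randbelow(2) == 0:
            continue  # leave the optional slot out half of the time
        out.append(secrets.choice(words[pos]))
    return " ".join(out)

def combination_range(template, counts):
    """(fewest, most) phrases: optional slots all omitted vs. all present."""
    low = high = 1
    for pos, optional in template:
        high *= counts[pos]
        if not optional:
            low *= counts[pos]
    return low, high

def entropy_bits(combinations):
    """Bits of entropy when every combination is equally likely."""
    return math.log2(combinations)

def equivalent_password_length(bits, alphabet_size=94):
    """Length of a uniformly random password with the same entropy."""
    return bits / math.log2(alphabet_size)

if __name__ == "__main__":
    counts = {pos: len(ws) for pos, ws in WORDS.items()}
    low, high = combination_range(TEMPLATE, counts)
    print(generate(TEMPLATE, WORDS))
    print(f"{entropy_bits(low):.1f} to {entropy_bits(high):.1f} bits")
```

The low end of the range is the conservative figure to quote, since it assumes the phrase contains no optional clauses.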

Last edited Jan 19 at 10:52 AM by ligos, version 28