Clone wiki

ReadablePassphraseGenerator / Home

Readable Passphrase Generator

The Readable Passphrase Generator generates passphrases which are (mostly) grammatically correct but nonsensical. These are easy to remember (for humans) but difficult to guess (for humans and computers).

Developed in C# with a KeePass plugin, console app and public API. Runs wherever the .NET Framework, .NET Core or Mono are available.

See MakeMeAPassword to generate readable passphrases online (without KeePass). Or Steven Zeck's Javascript port (runs entirely in your browser).

Click here for step-by-step instructions to install the KeePass plugin.

Download KeePass plugin or console app

Developers can install from NuGet (and see the API)

If you like the Readable Passphrase Generator you can donate to support development, or just say thanks.

Donate $5

Recent Changes

  • Version 1.1.2
    • Add support for .NET Core.
    • Add NuGet package.
  • Version 1.1.1
    • Change update site to
    • Add KeyBase site as contact info.
    • Enforce requirement for KeePass 2.36 or newer.
  • Version 1.1.0
  • Version 1.0.0
    • Fix bug where None word separator can still include some spaces.
    • Fix bug where Space and None word separators were swapped.
    • Add .NET 4.0 SKU as supported runtime (to fix Mono warning).
    • Migrated all links to BitBucket from Codeplex.
    • 15,020 words in the default dictionary (~900 more than 0.17 release).
  • Version 0.17
    • Fix serious non-random password bug.
    • All users should upgrade to this version as soon as possible
    • It is highly recommended to reset any passphrases generated in the last 4 years
    • Versions of the plugin affected by this bug will crash KeePass 2.36+, you must upgrade to 0.17 or newer.

User Documentation

Programmer Documentation


Readable Passphrase Generator is licensed under the Apache License, copyright Murray Grant.

It may be used freely under the terms of the above license.

Summary: it may be used in any project (commercial or otherwise) as long as you attribute copyright to me somewhere and indicate its licensed under the Apache License.

Why use it?

Because you can make passphrases which are as strong as traditional "strong" passwords (8 letters long, upper, lower, numbers, etc) which you can memorise in 5 minutes instead of 5 days. (And its fun to read the phrases it generates!)

Use this passphrase to protect:

  • Your KeePass, 1Password, LastPass or favourite password manager database.
  • You computer login at home or work.
  • Your eBay, Facebook, Google, OpenID or other high value account.
  • Your Internet banking account.

Some examples passphrases:

  • a wound rebuffs an incline
  • the statesman will burgle amidst lucid sunlamps
  • plaid foresails repel ashamedly upon the birdbath
  • 234 readers affably build the untouched athlete
  • Sydney reasoned "an edible sleeve fumbles the argumentative float"

Why Bother At All?

(Warning: geek stuff follows)

XKCD Password Strength Comic

Because XKCD wrote a cool comic about password strength! And when Jeff Atwood and Ars Technica kick up a stink, well you listen.

More seriously, we're told the best password is at least 8 characters 12 characters long, contains upper and lower case letters, numbers and punctuation symbols. Unfortunately, this makes the "best" password something which looks like gibberish and is, frankly, quite hard for ordinary people to remember.

Perhaps something like: 3h4o.%\vJACj

I used to generate 12-16 character passwords like this and memorise them. It would commonly take up to two weeks of typing them in multiple times per day. All told, I've memorised perhaps 10 of these in my life. They get used for my KeePass database, Windows logons (at work and home) and Truecrypt volume, but nothing else because I can't afford to memorise any more (lest I memorise a password and my address falls out of my brain!).

That is all too hard!

So we resort to taking a some word from the dictionary, capitalise a few letters, turn an o into a 0 and stick some punctuation at the end: like our friend Tr0ubador&3. Only problem is, while that is easy to remember (well, easier according to XKCD), its also trivially easy for a computer to guess.

I memorised the statesman will burgle amidst lucid sunlamps after typing it twice. And, even if some evil hacker knows my dictionary (which it will, because its included with this project), that passphrase is still equivalent to an 11 letter password with upper, lower, numbers and symbols (using the 13k word dictionary from version 0.13).

Much, much easier, I think. (So does my wife!)