Readable Passphrase Generator
The Readable Passphrase Generator generates passphrases which are (mostly) grammatically correct but nonsensical. These are easy to remember (for humans) but difficult to guess (for humans and computers).
Developed in C# with a KeePass plugin, console app and public API. Runs wherever .NET or Mono is available.
See MakeMeAPassword to generate readable passphrases online (without KeePass).
If you like the Readable Passphrase Generator you can donate to support development, or just say thanks.
- Version 1.1.1
- Change update site to makemeapassword.ligos.net.
- Add KeyBase site as contact info.
- Enforce requirement for KeePass 2.36 or newer.
- Version 1.1.0
- Update to target .NET 4.0.
- Fix bug where KeePass plugin crashes when using
&as a word separator.
- Version 1.0.0
- Fix bug where None word separator can still include some spaces.
- Fix bug where Space and None word separators were swapped.
- Add .NET 4.0 SKU as supported runtime (to fix Mono warning).
- Migrated all links to BitBucket from Codeplex.
- 15,020 words in the default dictionary (~900 more than 0.17 release).
- Version 0.17
- Fix serious non-random password bug.
- All users should upgrade to this version as soon as possible
- It is highly recommended to reset any passphrases generated in the last 4 years
- Versions of the plugin affected by this bug will crash KeePass 2.36+, you must upgrade to 0.17 or newer.
- Step By Step Instructions for Installing KeePass Plugin
- Generate Readable Passphrases Online Without KeePass
- KeePass Plugin Details
- Generate Readable Passphrases By Default in KeePass
- Complying with Complexity Rules (Mutators)
- How to Use the Console App
- What Passphrase Should I Use?
- Combination Counting
- Running Under Linux
- Dictionary Totals
- Academic Papers on Passphrases
- Version 0.17 Fix for Non-Random Passphrases
- Verify Downloads (PGP and KeyBase signatures + file hashes)
- Contact Murray
It may be used freely under the terms of the above license.
Summary: it may be used in any project (commercial or otherwise) as long as you attribute copyright to me somewhere and indicate its licensed under the Apache License.
Why use it?
Because you can make passphrases which are as strong as traditional "strong" passwords (8 letters long, upper, lower, numbers, etc) which you can memorise in 5 minutes instead of 5 days. (And its fun to read the phrases it generates!)
Use this passphrase to protect:
- Your KeePass, 1Password, LastPass or favourite password manager database.
- You computer login at home or work.
- Your eBay, Facebook, Google, OpenID or other high value account.
- Your Internet banking account.
Some examples passphrases:
- a wound rebuffs an incline
- the statesman will burgle amidst lucid sunlamps
- plaid foresails repel ashamedly upon the birdbath
- 234 readers affably build the untouched athlete
- Sydney reasoned "an edible sleeve fumbles the argumentative float"
Why Bother At All?
(Warning: geek stuff follows)
More seriously, we're told the best password is at least
8 characters 12 characters long, contains upper and lower case letters, numbers and punctuation symbols.
Unfortunately, this makes the "best" password something which looks like gibberish and is, frankly, quite hard for ordinary people to remember.
Perhaps something like:
I used to generate 12-16 character passwords like this and memorise them. It would commonly take up to two weeks of typing them in multiple times per day. All told, I've memorised perhaps 10 of these in my life. They get used for my KeePass database, Windows logons (at work and home) and Truecrypt volume, but nothing else because I can't afford to memorise any more (lest I memorise a password and my address falls out of my brain!).
That is all too hard!
So we resort to taking a some word from the dictionary, capitalise a few letters, turn an o into a 0 and stick some punctuation at the end: like our friend
Only problem is, while that is easy to remember (well, easier according to XKCD), its also trivially easy for a computer to guess.
the statesman will burgle amidst lucid sunlamps after typing it twice.
And, even if some evil hacker knows my dictionary (which it will, because its included with this project),
that passphrase is still equivalent to an 11 letter password with upper, lower, numbers and symbols (using the 13k word dictionary from version 0.13).
Much, much easier, I think. (So does my wife!)