Xkpasswd
xkpasswd.net
xkpasswd - a secure, memorable password generator
Website and underlying password generation library (XKPasswd.pm) by Bart Busschots. Banner by Stu Helm (incorporating artwork from the XKCD Web Comic).
Preshing
preshing.com โบ 20110811 โบ xkcd-password-generator
xkcd Password Generator
August 11, 2011 - The button below will generate a random phrase consisting of four common words. According to yesterdayโs xkcd strip, such phrases are hard to guess (even by brute force), but easy to remember, making them interesting password choices.
xkpasswd-rs: XKCD password generator, written in Rust with supports for Wasm in mind
This is awesome! Going to add this to my list of cool password generator projects. A little bit of "self-advertising" here, I wrote one password generator ( https://passgen.it , source is at https://gitlab.com/xfbs/passgen ) that you can use to generate the same passwords, but it is more flexible. It accepts a regex-like string. For example: $ passgen "[a-z]{12}" hprqseuujhxnpkjs You can generate xkcd-like passwords with it by loading a wordlist: $ passgen -w english:/usr/share/dict/words '(\w{english}-){5}\w{english}' monkey-precociousness-coil-washboard-infringes-chinos It can also tell you how much entropy is in the passwords it generates (it calculates it exactly): $ /passgen -e -w english:/usr/share/dict/words '(\w{english}-){5}\w{english}' entropy: 100.03 bits curiosities-shrewdly-disastrously-dourly-vilely-doughtiest It also can do a few cool other things (like use a markov chain to generate pronounceable gibberish words from a wordlist). Sadly, passgen is written in C (because while I work with Rust I do like to play with C every once in a while). I encourage you to check it out tho. And if you see any feature that you like, feel free to steal it and implement it in your program. Everything is open-source and the more secure passwords we have, the better! More on reddit.com
7
48
May 21, 2023A password generator inspired by the Xkcd password spec
import secrets # On standard Linux systems, use a convenient dictionary file. # Other platforms may need to provide their own word-list. with open('/usr/share/dict/words') as f: words = [word.strip() for word in f] password = ' '.join(secrets.choice(words) for i in range(4)) https://docs.p... More on news.ycombinator.com
61
31
February 21, 2025Memorable password generator app based on XKCD/936
I'm not going to trust an app to generate a pass phrase for me. I did use XKCD's random comic to generate one though. I just used the first significant or interesting word, ignoring articles, pronouns, etc. that I found in at least 4 random XKCD comics. For example, from the following comics, I picked these words. 1051 - clearing 442 - momentum 1153 - client 1195 - start Imagine your own descriptive scenario. More on reddit.com
27
78
April 15, 2015[Security] Opinion on the XKCD Password Strength comic?
This site made a small random password generator with a relatively small pool of words, but it sparked an interesting discussion in the comments below about how secure the concept really is. Knowing the algorithm used to generate a password will always lower the challenge of cracking it. Comments about the entropy of that particular generator assume the attacker knows you used it and didn't add any modifiers to the outcome. If I generate 6 passwords using all of the combinations of three words it's true there are only six possibilities but if you don't know the three words or even that I used three words in the first place how does that help you as an attacker? Length is better than "complexity" every time assuming the attacker doesn't know the exact way the password was created. Most people are far more likely to have their accounts compromised by things like phishing than by traditional cracking anyway. Not to mention secure passwords--beyond the absolute minimum of not using things like "Password1!"--are more about avoiding your password being discovered if the hash is leaked by a site compromise. Even if they can get the password in such an instance you should be using different passwords for different sites to avoid it being useful to them. More on reddit.com
18
1
March 16, 2021xkcd
xkcd.com โบ 936
xkcd: Password Strength
>| Permanent link to this comic: https://xkcd.com/936/ Image URL (for hotlinking/embedding): https://imgs.xkcd.com/comics/password_strength.png ยท ((The comic illustrates the relative strength of passwords assuming basic knowledge of the system used to generate them.
Reddit
reddit.com โบ r/rust โบ xkpasswd-rs: xkcd password generator, written in rust with supports for wasm in mind
r/rust on Reddit: xkpasswd-rs: XKCD password generator, written in Rust with supports for Wasm in mind
May 21, 2023 -
A side project to glue my knowledge of Rust and Wasm, highly inspired by XKCD's Password Strength comic, xkpasswd.net and HSXKPasswd Perl module.
Top answer 1 of 2
6
This is awesome! Going to add this to my list of cool password generator projects. A little bit of "self-advertising" here, I wrote one password generator ( https://passgen.it , source is at https://gitlab.com/xfbs/passgen ) that you can use to generate the same passwords, but it is more flexible. It accepts a regex-like string. For example: $ passgen "[a-z]{12}" hprqseuujhxnpkjs You can generate xkcd-like passwords with it by loading a wordlist: $ passgen -w english:/usr/share/dict/words '(\w{english}-){5}\w{english}' monkey-precociousness-coil-washboard-infringes-chinos It can also tell you how much entropy is in the passwords it generates (it calculates it exactly): $ /passgen -e -w english:/usr/share/dict/words '(\w{english}-){5}\w{english}' entropy: 100.03 bits curiosities-shrewdly-disastrously-dourly-vilely-doughtiest It also can do a few cool other things (like use a markov chain to generate pronounceable gibberish words from a wordlist). Sadly, passgen is written in C (because while I work with Rust I do like to play with C every once in a while). I encourage you to check it out tho. And if you see any feature that you like, feel free to steal it and implement it in your program. Everything is open-source and the more secure passwords we have, the better!
2 of 2
2
Sounds like a popular tool to implement :) I've been using diceware: https://crates.io/crates/diceware
GitHub
github.com โบ redacted โบ XKCD-password-generator
GitHub - redacted/XKCD-password-generator: Generate secure multiword passwords/passphrases, inspired by XKCD
A flexible and scriptable password generator which generates strong passphrases, inspired by XKCD 936:
Starred by 1.4K users
Forked by 189 users
Languages ย Python 87.0% | Roff 8.7% | Shell 4.3%
Correcthorse
correcthorse.pw
Correct Horse Battery Staple: xkcd-Style Password Generator
This is a truly secure password generator that generates xkcd-style easy-to-remember passwords.
Correcthorsebatterystaple
correcthorsebatterystaple.net โบ index.html
Correct Horse Battery Staple | Generate Secure Memorable Passwords
This is an XKCD inspired password generator.
Amazon
amazon.ca โบ rb-Xkcd-Password-Generator โบ dp โบ B07841VFGK
Amazon.ca: Xkcd Password Generator : Alexa Skills
Xkcd password generator is a flexible and effective way to generate passwords that are memorable and long in length.
Hacker News
news.ycombinator.com โบ item
A password generator inspired by the Xkcd password spec | Hacker News
February 21, 2025 - import secrets # On standard Linux systems, use a convenient dictionary file. # Other platforms may need to provide their own word-list. with open('/usr/share/dict/words') as f: words = [word.strip() for word in f] password = ' '.join(secrets.choice(words) for i in range(4)) https://docs.p...
Use a Passphrase
useapassphrase.com
Use a Passphrase
Generate a passphrase or test your password's strength (we don't store or transmit these): ... Because humans are terrible at creating secure passwords. The famous xkcd comic got it right: humans have been trained to use hard-to-remember passwords that are easy for computers to guess.
USNA
usna.edu โบ Users โบ cs โบ wcbrown โบ courses โบ si110AY13S โบ resources โบ password โบ index.html
SI110: Password
The xkcd comic to the right argues that the kind of hard-to-remember passwords we're all using are not that secure and ... are really hard to remember. It argues for choosing four random words and sticking them together instead. This tool generates such a password for you.
Reddit
reddit.com โบ r/xkcd โบ memorable password generator app based on xkcd/936
r/xkcd on Reddit: Memorable password generator app based on XKCD/936
April 15, 2015 - I'm not going to trust an app to generate a pass phrase for me. I did use XKCD's random comic to generate one though. I just used the first significant or interesting word, ignoring articles, pronouns, etc.
Reddit
reddit.com โบ r/sysadmin โบ [security] opinion on the xkcd password strength comic?
r/sysadmin on Reddit: [Security] Opinion on the XKCD Password Strength comic?
March 16, 2021 -
So I had seen the XKCD Password Strength comic a long while back, and it made sense to me, but then I was wondering about dictionary attacks and whatnot, so I wanted to see where everyone stands on this idea.
This site made a small random password generator with a relatively small pool of words, but it sparked an interesting discussion in the comments below about how secure the concept really is.
Ideally, I would still use my password manager and use very long generated gibberish strings, but I figured a random word based password would be good in situations where you couldn't interface with a browser/pw manager, or maybe needed a bit of convenience. Mainly thinking of a computer login screen, but I'm sure there are plenty of other similar situations.
So my computer login for work, uses a relatively short pile of gibberish that I had committed to memory. (It's gibberish that made sense to me, so it wasn't like I spent time trying to memorize it). If it were random words, that would be considerably longer, but discrete words are more... guessable?
Love to hear everyone's general thoughts, as well as anyone who has considerable background in security.
...
FIGHT!
Top answer 1 of 6
8
This site made a small random password generator with a relatively small pool of words, but it sparked an interesting discussion in the comments below about how secure the concept really is. Knowing the algorithm used to generate a password will always lower the challenge of cracking it. Comments about the entropy of that particular generator assume the attacker knows you used it and didn't add any modifiers to the outcome. If I generate 6 passwords using all of the combinations of three words it's true there are only six possibilities but if you don't know the three words or even that I used three words in the first place how does that help you as an attacker? Length is better than "complexity" every time assuming the attacker doesn't know the exact way the password was created. Most people are far more likely to have their accounts compromised by things like phishing than by traditional cracking anyway. Not to mention secure passwords--beyond the absolute minimum of not using things like "Password1!"--are more about avoiding your password being discovered if the hash is leaked by a site compromise. Even if they can get the password in such an instance you should be using different passwords for different sites to avoid it being useful to them.
2 of 6
5
Note that the world might just be going passwordless anyway, but yes the comic is correct
Sentrian
help.sentrian.com.au โบ home โบ how to create a secure password
How to create a secure password โ Sentrian IT Support Centre
January 27, 2023 - If youโre struggling to choose a password, get inspiration from this random phrase generator. Itโs based off the xkcd comic below.
Xkcd
xkcd.pw
XKCD Password Generator
Let's generate a secure, totally in-browser XKCD password.
Optionfactory
password.optionfactory.net
Visual, multi-language XKCD-style password generator
Generate XKCD-style passwords in your language!
GitHub
github.com โบ thialfihar โบ xkcd-password-generator โบ blob โบ master โบ wordlist.txt
xkcd-password-generator/wordlist.txt at master ยท thialfihar/xkcd-password-generator
A password generation inspired by xkcd. Contribute to thialfihar/xkcd-password-generator development by creating an account on GitHub.
Author ย thialfihar
Hacker News
news.ycombinator.com โบ item
Xkcd Password Generator | Hacker News
November 16, 2015 - I have well over a hundred websites listed in my password manager. There is not a chance that I could remember a unique password for every one of them, no matter how easy they were ยท https://www.guildwars2.com/en/news/mike-obrien-on-account-se
Cubewebworks
cubewebworks.co.uk โบ tools โบ secure-passphrase-generator.php
Secure Passphrase Generator (XKCD inspired)
The National Cyber Security Centre, an offshoot that grew out of GCHQ, offers more information to better genertate and manage your passwords.
Bitwarden
community.bitwarden.com โบ ask the community โบ password manager
XKCD-style passwords (CorrectHorseBatteryStaple) - Password Manager - Bitwarden Community Forums
March 23, 2021 - I would like to see the password generator tool allow the option for generating XKCD-style passwords. There are a number of Chrome plugins and Android apps that do this, but it would be great to have this built in to my โฆ