Generate speakable passwords from fake syllables. Easy to say aloud, type from memory, and share verbally — without using real dictionary words.
Use ⌘ + D to bookmark this toolA pronounceable password is built from fake but speakable syllables — like bortavi, kumestal, or fenprado. Each syllable follows natural English phonetic patterns: a consonant onset, a vowel nucleus, and an optional consonant coda (CVC or CV). The result sounds like it could be a real word but isn't found in any dictionary.
This fills the gap between fully random passwords (secure but impossible to remember) and passphrases (memorable but long). Pronounceable passwords are short enough for sites with 12-16 character limits, easy to read aloud or share verbally, and still cryptographically random — every syllable component is selected using crypto.getRandomValues().
| Type | Example | Length | Entropy | Best For |
|---|---|---|---|---|
| Pronounceable | bortaviken37 | 12 chars | ~37 bits | Verbal sharing, short limits |
| Random | x7#Qm9!kB2$p | 12 chars | ~79 bits | Maximum security per character |
| Passphrase | correct-horse-battery | 22 chars | ~42 bits | Easy memorization, long fields |
Pronounceable passwords trade some entropy per character for speakability. Increase length to 16-20 characters for stronger security while keeping the password easy to say aloud.
Some sites and systems cap passwords at 12-16 characters — too short for a passphrase but awkward for random strings. Pronounceable passwords pack memorability into compact, speakable strings that fit strict limits.
Reading "x7#Qm9!k" over the phone is error-prone and slow. A pronounceable password like "bortaviken" can be spoken naturally, understood on the first try, and spelled out without confusion.
When you can't paste from a password manager — like on a shared computer, kiosk, or someone else's device — pronounceable passwords are far easier to type correctly from memory than random character strings.
Temporary WiFi passwords, guest accounts, workshop logins, and event credentials all benefit from passwords that are easy to communicate to groups and type quickly without mistakes.
Every syllable is assembled from three components following English phonotactics:
Onset (44 options) — the initial consonant or cluster: b, cr, str, th, pl, etc. These are filtered to only include clusters that naturally begin English syllables.
Nucleus (17 options) — the vowel core: a, e, i, o, u, plus diphthongs like ai, ea, oo, ou. This is what makes the syllable speakable.
Coda (43 options) — the ending consonant or cluster: ck, nd, mp, rt, sh, etc. Codas are optional — some syllables use the CV pattern (onset + nucleus only) for variety and length control.
A full CVC syllable provides ~15 bits of entropy. A CV syllable provides ~9.5 bits. The engine picks CVC or CV syllables as needed to hit the target length exactly.
Generate strong, random passwords with customizable length, character sets, and options.
Generate strong, memorable passphrases from random words. Easier to remember, just as secure.
Create easy to remember passwords from random words or your own phrases with leet speak conversion.
Generate multiple unique passwords at once. Perfect for IT admins and account provisioning.
Generate cryptographically secure API keys, tokens, and secrets in multiple formats.
Generate strong, easy-to-share WiFi passwords for your home or office network.
Create a scannable QR code for your WiFi network. Guests connect instantly.
Extract the WiFi password from a QR code image. Upload or paste — no camera needed.
Generate cryptographically random PIN codes. Perfect for device locks and access codes.
Test how strong your password is. See estimated crack time, entropy, and suggestions.
Calculate the exact entropy of any password configuration. See bits, combinations, and crack times.
Generate MD5 hashes from any text. Useful for checksums, cache keys, and legacy system compatibility.
Generate SHA-512 hashes using the native Web Crypto API. 512-bit security for signatures and integrity.
Generate a Code 128 barcode that types username, TAB, password, ENTER into login forms when scanned.
Generate passwords optimized for TVs, game consoles, and devices with on-screen keyboards. No symbols.
Generate fun, memorable passwords children can actually remember. Word stories: red-panda-jumps-42.
A pronounceable password is made from fake but speakable syllables — like 'bortavi' or 'kumestal'. Each syllable follows English phonetic rules (consonant-vowel-consonant patterns), so the result sounds like it could be a real word but isn't found in any dictionary. This makes it easy to say aloud, type from memory, and share verbally.
A passphrase uses real dictionary words separated by spaces or dashes (e.g. 'correct horse battery staple'). A pronounceable password uses invented syllables joined into a single compact string (e.g. 'bortaviken'). Pronounceable passwords are shorter — typically 8-20 characters — making them ideal for sites with strict length limits where a full passphrase won't fit.
Security depends on length and options. A 12-character pronounceable password with a number suffix provides roughly 37 bits of entropy — rated 'fair' and suitable for everyday accounts. Increasing to 16-20 characters pushes entropy above 50 bits ('strong'). For maximum security, use our standard Password Generator which offers higher entropy per character.
Pronounceable passwords are ideal when you need to: share a password verbally (over the phone or in person), type it from memory on a device without a password manager, meet strict length limits (12-16 characters), or create temporary credentials for shared accounts. They fill the gap between random strings and full passphrases.
An attacker who knows you used a syllable-based generator could narrow the search space compared to fully random characters. That's why we calculate and display honest entropy based on the actual syllable pool sizes (44 onsets × 17 nuclei × 43 codas), not the full character set. The displayed strength rating reflects this realistic threat model.
No. All syllable assembly and password generation happens entirely in your browser using the Web Crypto API (crypto.getRandomValues). No passwords, settings, or syllable data are ever sent to a server. You can verify this by checking the Network tab in your browser's developer tools.