Make Me a Password is all about passwords which a human being can remember (or at least has some chance of remembering), but are actually secure. That is, the passwords are really passphrases, which are much, much easier to memorise (and are occasionally quite humerous). And we carefully count all the possible combinations, making mathematically certain that passwords are difficult to guess.

Recommended Usage

We recommend the passwords generated from this site are used only for memorised passwords. Use a password manager for 95% of your accounts, but you have to memorise (at the very least) the password to your password manager - and probably your computer as well. Let your password manager remember as many passwords as possible (after all, computers are very good at remembering), but let this site make your password manager password and your login password.

More questions? There's a stack of questions and answers (some detailed and technical) at the FAQ page.


What do we mean by "secure"? There are many ways to answer that question. But here are three key points:

  1. Passwords are not saved on the server. We don't analyse, track or otherwise make any notes about your password. Ever. No exceptions. Your password needs to be secret to be effective and we make every effort to keep it secret.
  2. Passwords are sent over a secure HTTPS connection. This is the same as banks use and keeps 3rd parties from prying on your password.
  3. Weak or easily guessable passwords are not allowed. We mathematically check each password generated to make sure its hard to guess.

See the FAQ and technical section for more information


You can support this site by making a small donation. Donations are completely optional and will not otherwise affect your ability to use or access the site.


This site is copyright © Murray Grant 2014. Content by the author is licensed under a Creative Commons License CC BY 4.0. Other content is copyright their respective owners.

Source code is available under the Apache license.

Dictionaries are available for download under CC BY 4.0.

A quick summary of the licenses: the site and passwords generated from it to be used for any purpose (commercial or non-commercial) as long as appropriate attribution is included (a link to this site is appropriate).

Terms of Use

This site is available for public consumption under the assumption that it provides a useful service (yes, this is a big assumption!). If you find the site is not useful, you are advised to stop using it.

There is no warrant of fitness or guarantee of service implied or expressed. The service is made available on a best effort basis, as is. It may be unavailable without warning.

The author reserves the right to discontinue the service and remove the site without warning or prior notice.

The author controls content and functionality of this site at his sole discretion. While you can provide feedback, there is no guarantee such feedback will be incorporated into the site or underlying algorithms.

Privacy / GPDR

This site does not record any personally identifiable information about you. No cookies are created to identify you or your browser. No names, addresses, emails, phone numbers, birthdays or usernames are required to generate passwords. No generated passwords are recorded - no exceptions.

Local storage is used to record you last selection when you generate passwords. These preferences do not leave your browser.

Standard web server logs are kept of each request. This includes the current date and time, your IP address, and details of what kind of password was requested (eg: dictionary passphrase of 4 words).

Statistics record the amount of entropy used to generate passwords. No IP address are recorded against these statistics. These statistics are used by me to check the correct operation of the site, and note usage patterns.

Data is purged when I get around to it. Generally, that means data is retained for a minimum of 12 months, and without any maximum duration (that is, I keep logs until my disk space runs low).

Data is not shared with any third party, unless I am legally compelled to do so.

You may request a copy or request I delete the data I have identifying you (under GPDR). Generally, I cannot comply with such requests as IP addresses are the only identifying marker I keep (you would need to produce evidence of particular IP address(es) used by you for specific dates to have any hope of me complying).