The twist: it uses AI to generate nonsensical but grammatically plausible phrases (so you don't get "horse battery staple correct" clones), then gives you 6 variants of the same phrase — spaces, camelCase, lowercase, special characters, numbers, and a fully obfuscated strongest version — so you can pick whatever format a site demands without losing the memorability.
Built with Next.js and the OpenAI API. Falls back to a local wordlist if the API is unavailable.
The primary path uses OpenAI's API with high temperature (1.4) to generate words, so the randomness comes from the model's sampling process rather than a dedicated cryptographic random source. When the API is unavailable or rate-limited, the fallback selects from a ~2,000-word list using crypto.getRandomValues(), which is cryptographically secure.
The security model follows the XKCD argument — entropy comes from the number of possible word combinations. With the local wordlist, a 4-word passphrase gives ~44 bits of entropy (2032^4 ≈ 1.7 × 10^13 combinations), 5 words gives ~55 bits, and 7 words gives ~77 bits.
That said, if you need guaranteed cryptographic randomness, a dedicated password manager like Bitwarden or 1Password is the right tool. This is aimed more at the "I need something memorable I can actually type" use case.