CosmoPass

What is a passphrase?

To put it simply, its a password but consist of easy to pronounce words instead of a bunch of random characters.

why should I use a passphrase? How is it any better than "regular" password

This comic by XKCD sum it up nicely :

How long a passphrase should I use?

4-5 words should be sufficient for many non-critical applications (forum, games, etc). for financial or other types of sensitive system, we recommend at least 6 words.

Is this website secure?

All passphrases are generated on the browser side using Web Crypto API, so we can't store any passphrase on our server. if you wish to, you could even copy/clone this project from github and host it by yourself!

Where do you get your wordlist?

Wordlists used on this page were taken from various sources. See the README of our repo for more information.

Why must the number of wordlists selected be less than the number of words generated?

Its to make sure that the generated passphrase would contain words from all the wordlist, because the strength of the generated passphrase tied to the used wordlist, not only the selected wordlist.

For example if you select 5 wordlists but you generate a 1 word passphrase, than to attack it bad actor would only need to bruteforce 1 wordlist (if assumed the attacker know which language the wordlist is). so the strength of it would be equal to when you select just 1 wordlist.

Is using mixed language better then using just 1 language?

StackExchange forum has some good discussion here and here. Generally, adding more words would had better gain than adding more language. However its still a valid choice if you wish for a limited number of words, or if you have character length limitation.