Diceware, BIP39, and the NCSC three-random-words approach all produce memorable passphrases from word lists, but they differ in entropy per word, intended use case, and practical usability. This comparison breaks down the technical differences so you can pick the right method for your specific security needs.
In our testing of all three generation methods across desktop, mobile, and CLI environments, we found that the choice between them matters less for raw security (all three can produce uncrackable passphrases at sufficient word counts) and more for use case fit — BIP39 is for cryptocurrency seeds, Diceware is the general-purpose gold standard, and NCSC three words is optimised for everyday consumer accounts where memorability trumps maximum entropy.
| Feature | Diceware | BIP39 | NCSC 3 Words |
|---|---|---|---|
| Word list size | 7,776 words | 2,048 words | ~80,000+ (English vocabulary) |
| Entropy per word | 12.92 bits | 11 bits | ~12-16 bits (depends on vocabulary) |
| Recommended word count | 5-6 words | 12-24 words | 3 words |
| Total entropy at recommendation | ~64-77 bits | 128-256 bits | ~36-48 bits |
| Human memorable? | Moderate (uncommon words) | Low (specialised terms) | High (common words) |
| Best use case | Password manager master passwords | Cryptocurrency seeds | Everyday online accounts |
| Physical method available | Yes (5 dice) | No (software only) | No (software only) |
| CSPRNG required | Optional (can use dice) | Required | Required |
| Word list standardized? | Yes (EFF + original) | Yes (BIP39 spec) | No (implementation-dependent) |
Diceware was developed by Arnold Reinhold in 1995 as a method for generating passphrases using physical dice. Each word in the passphrase requires five dice rolls, producing a five-digit number between 11111 and 66666 — exactly 7,776 possible combinations. The number maps to a word in a 7,776-word list. A Diceware passphrase of five words gives approximately 64.6 bits of entropy, which security researchers consider sufficient for high-value accounts.
The EFF (Electronic Frontier Foundation) revised the original Diceware wordlist in 2016, removing ambiguous, offensive, or hard-to-spell words while keeping the 7,776-word count. The EFF large wordlist is now the standard implementation used by most software passphrase generators, including our own Passphrase Maker generator.
Diceware's key advantage is that it CAN be done entirely offline with physical dice — no computer, no software, no network required. For maximum-security setups like password manager master passwords and encryption keys, this verifiable physical randomness is irreplaceable.
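The dice-to-word mapping described above, as an added example that is not code from this site's generator: each five-dice key is read as a base-6 number and used as a line number. It assumes the word list is stored in dice-key order (as the EFF file is); `PLACEHOLDER_LIST` and the function names are constructed for illustration.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7,776 keys, "11111" through "66666"


def roll_key() -> str:
    """Simulate five fair dice with the OS CSPRNG (stand-in for physical dice)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def key_to_index(key: str) -> int:
    """Map a dice key such as '11111' to a 0-based line number in the list."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a valid dice key: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)  # each die is one base-6 digit
    return index


def passphrase(wordlist, keys=None, words=5) -> str:
    """Use typed-in dice keys if given, otherwise roll with the CSPRNG."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("Diceware needs exactly 7,776 words")
    if keys is None:
        keys = [roll_key() for _ in range(words)]
    return " ".join(wordlist[key_to_index(k)] for k in keys)


def entropy_bits(words: int, list_size: int = LIST_SIZE) -> float:
    """Entropy of `words` independent uniform picks from the list."""
    return words * math.log2(list_size)


# Constructed placeholder list; a real run loads the 7,776 EFF words in order.
PLACEHOLDER_LIST = [f"word{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    print(passphrase(PLACEHOLDER_LIST, keys=["11111", "66666", "12345"]))
    print(passphrase(PLACEHOLDER_LIST))  # five CSPRNG-rolled words
    print(f"5 words: {entropy_bits(5):.1f} bits")
```

Rejecting keys that contain anything other than the digits 1-6 catches the most common mistake when transcribing physical rolls.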
BIP39 (Bitcoin Improvement Proposal 39) defines how cryptocurrency wallets generate mnemonic seed phrases. It uses a fixed 2,048-word list — chosen by the Bitcoin community — to encode 128 to 256 bits of entropy into 12 to 24 words. The last word includes a 4-bit checksum to detect transcription errors.
BIP39 is NOT designed as a general-purpose passphrase system. Its word list includes obscure terms chosen for minimal ambiguity across languages, not for memorability. However, because BIP39 phrases are widely used and tested, some users repurpose them as master passwords, which creates the risk covered in the FAQ.
The BIP39 standard includes word lists for multiple languages (English, Chinese, French, Italian, Japanese, Korean, Spanish) making it globally accessible. The entropy at 12 words (128 bits) exceeds anything needed for password security — this level is necessary for cryptocurrency because a wallet seed is a single point of failure with no password reset option.
The NCSC (National Cyber Security Centre) published its three-random-words guidance in 2016, recommending that users combine three random words from everyday English vocabulary to create memorable yet secure passwords. Unlike Diceware and BIP39, the NCSC method doesn't use a fixed word list — it draws from the full English vocabulary of 80,000+ words, making each word selection more varied and the resulting passphrase more natural.
The NCSC method was deliberately designed for the consumer market: three common words are easier to remember than a 10-character random password, and the guidance has been adopted by CISA and security agencies worldwide. Our detailed NCSC method guide covers the implementation and best practices.
The trade-off is lower total entropy at the recommended word count. Three common words from an 80,000-word vocabulary provide approximately 35-40 bits of entropy — sufficient for websites with rate limiting and MFA, but below the threshold for master passwords, encryption keys, or high-value accounts without additional protection.
| Words | Diceware | BIP39 | NCSC (est.) | Security Level |
|---|---|---|---|---|
| 3 | 38.8 bits | 33 bits | ~36-40 bits | Low — ok with MFA |
| 4 | 51.7 bits | 44 bits | ~48-52 bits | Medium — consumer accounts |
| 5 | 64.6 bits | 55 bits | ~60-64 bits | High — master passwords |
| 6 | 77.5 bits | 66 bits | ~72-76 bits | Very high — encryption keys |
| 12 | 155 bits | 132 bits | — | Maximum — crypto seeds |
ENISA recommends a minimum of 48 bits of entropy for password-based authentication protecting sensitive data. All three methods meet this threshold at 4+ words. The NIST SP 800-63B guidelines, which informed much of the passphrase length guidance, suggest that memorized secrets should have at least 30 bits of entropy for Level 2 assurance.
The right method depends entirely on your use case:
Which passphrase generation method is most secure?
All three methods (Diceware, BIP39, NCSC) can produce passphrases with sufficient entropy for modern security requirements when implemented correctly. Diceware with five words provides approximately 64 bits of entropy; BIP39 with twelve words provides 128 bits (for cryptocurrency seeds); and NCSC three words provides approximately 36 bits, which is adequate for low-to-medium security accounts. For maximum security, the key variable is word count, not the word list. Any CSPRNG-based generator using a word list of at least 7,776 words is mathematically equivalent.
Can I use a BIP39 seed phrase as my master password?
Technically yes, but it's not recommended. BIP39 seed phrases are specifically designed for cryptocurrency wallet recovery — they encode 128-256 bits of entropy that map to deterministic wallet seeds. Using them as login passwords creates two problems: BIP39 phrases are longer than most password fields allow (12-24 words), and exposing your BIP39 seed phrase in a password manager or website increases the risk of your crypto wallet being compromised. Keep BIP39 phrases for cryptocurrency wallets; use Diceware or NCSC phrases for passwords.
Does the NCSC three-random-words method still work in 2026?
Yes. The NCSC three-random-words guidance remains effective for consumer accounts in 2026. A three-word passphrase from an 80,000+ word English vocabulary provides approximately 35-40 bits of entropy — sufficient for websites protected by rate limiting, CAPTCHA, and MFA. The NCSC method is deliberately designed for human usability: three common words are far easier to remember than an 8-character mixed-case password with symbols, and users are less likely to reuse them across sites.
What is the entropy difference between Diceware and BIP39?
Diceware uses a 7,776-word list, so each word provides log₂(7,776) ≈ 12.92 bits of entropy; five Diceware words give 64.6 bits. BIP39 uses a 2,048-word list, giving 11 bits per word; twelve BIP39 words give 132 bits (commonly 128 bits of actual entropy plus a 4-bit checksum). In practical terms, both can generate passphrases far beyond cracking capabilities: a 6-word Diceware passphrase (77.5 bits) would take millions of years to brute-force. The difference matters only for cryptocurrency seed security, where a 128-bit minimum is mandatory.
Which passphrase method is easiest to remember?
NCSC three-random-words is the easiest because it uses the smallest number of short, common English words. Diceware words are less common than full English vocabulary but more memorable than BIP39 terms. For everyday use, the NCSC method or a 4-word Diceware phrase provides the best memorability-to-security ratio. For maximum security with memorability, a 5-word Diceware phrase with a memorable story is recommended — the passphrase memorability guide covers several mnemonic techniques.
Our passphrase generator supports Diceware (EFF wordlist), custom-length phrases, and a word-join strategy selector. No tracking, no sign-up, entirely client-side.
This guide is for educational purposes. Passphrase Maker is a free tool and does not accept affiliate commissions from passphrase or security tool providers.