
    Why We Chose a 3-Word Mnemonic Over a 'Master Password'

    Master passwords are the worst of both worlds: hard to remember and easy to crack. We replaced them with three words because human memory and cryptographic entropy don't have to be enemies.

    The Pwdly Team
    Engineering & Security
    22 April 2026
    3 min read

    The phrase "master password" sounds reassuring. It evokes a single, unbreakable key — one thing to remember, one thing to protect. In practice, it's a thirty-year-old compromise that fails users on both ends: it's hard to remember and, in most real-world cases, easy enough to crack. When we designed Pwdly, we asked an uncomfortable question: what if the master password was the wrong abstraction in the first place?

    The reality of human-chosen passwords

    Decades of research, leak corpora, and red-team assessments tell the same story: when humans pick passwords, they cluster around predictable patterns. A capital letter at the start, a number at the end, a punctuation mark for good measure. The median "strong" master password in industry datasets sits somewhere between 25 and 35 bits of effective entropy after you account for keyboard patterns, dictionary words, and dates. That's not a wall around your secrets — it's a fence.

    Memory is a story engine, not a string buffer

    Cognitive science is unambiguous on this: humans store narratives, images, and associations far more reliably than arbitrary character sequences. "Lantern. Otter. Granite." lodges itself in your head after a single read because your brain immediately reaches for imagery — a glowing lantern, a slick otter, a slab of granite. "Tr0ub4dor&3" does not. We chose three words because we wanted to work with human memory rather than against it.

    The math behind three words

    Pwdly draws each word independently and uniformly at random from a curated list of over 7,700 words. That gives an attacker no patterns to exploit — every combination is equally likely. The resulting entropy is roughly 39 to 40 bits at the wordlist layer, which is comparable to a strong human-chosen password but, critically, guaranteed rather than aspirational. There is no "weak" Pwdly mnemonic the way there are weak master passwords.

    Argon2id: turning 40 bits into a brick wall

    Forty bits sounds modest until you bolt on a memory-hard key derivation function. Pwdly runs your mnemonic through Argon2id with parameters tuned to consume hundreds of milliseconds and hundreds of megabytes of RAM per attempt. On a single GPU, an attacker can attempt maybe a few hundred guesses per second — and even that requires an enormous memory budget per parallel worker. The economics of brute-forcing a 40-bit secret protected by Argon2id are catastrophically bad for the attacker.
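    To make the two previous sections concrete, here is an added worked example (not Pwdly's code; their wordlist and Argon2id parameters are not published on this page). It draws words with the `secrets` module so every combination is equally likely, computes the entropy of a k-word phrase over an N-word list, shows the list size at which three words reach a full 40 bits, and estimates how long an offline attacker needs at a given guess rate. The eight-word list and the 300 guesses per second figure are constructed assumptions for illustration; the 7,700-word and "few hundred guesses per second" figures come from the post.

```python
import math
import secrets

# Constructed sample wordlist (assumption): a real list such as the one the post
# describes has 7,700+ entries. Only the list size matters for the entropy math.
SAMPLE_WORDS = ["lantern", "otter", "granite", "meadow",
                "copper", "violet", "harbor", "ember"]


def passphrase_entropy_bits(list_size: int, word_count: int) -> float:
    """Entropy of word_count words drawn independently and uniformly
    (with replacement) from a list of list_size words: k * log2(N)."""
    if list_size < 2 or word_count < 1:
        raise ValueError("need a list of at least two words and at least one draw")
    return word_count * math.log2(list_size)


def words_needed_for_bits(target_bits: float, word_count: int) -> int:
    """Smallest list size at which word_count uniform draws reach target_bits."""
    return math.ceil(2 ** (target_bits / word_count))


def generate_mnemonic(wordlist, word_count: int = 3) -> list:
    """Draw words with a CSPRNG. secrets.choice gives each word the same
    probability on every draw, so no combination is more likely than another."""
    return [secrets.choice(wordlist) for _ in range(word_count)]


def expected_crack_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected offline brute-force time: on average the attacker must try
    half of the 2**bits keyspace before hitting the secret."""
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return (2 ** entropy_bits) / 2 / guesses_per_second


if __name__ == "__main__":
    bits = passphrase_entropy_bits(7700, 3)
    print(f"3 words from 7,700: {bits:.1f} bits")
    print(f"list size needed for 40 bits with 3 words: {words_needed_for_bits(40, 3)}")
    print("sample mnemonic:", " ".join(generate_mnemonic(SAMPLE_WORDS)))
    # Assumed attacker rate: a few hundred Argon2id evaluations per second per GPU.
    years = expected_crack_seconds(40, 300) / (365.25 * 24 * 3600)
    print(f"expected time at 300 guesses/s for 40 bits: {years:.0f} years")
```

    Running it shows that three draws from exactly 7,700 words give just under 39 bits, and that a list of roughly 10,300 words is where three words reach a full 40 bits. The last line is the point of the Argon2id section: the same 40 bits that a fast hash would exhaust in moments become decades of work when each guess costs hundreds of milliseconds and hundreds of megabytes.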

    Phishing resistance, accidentally

    There's a quiet bonus we didn't anticipate. Master passwords are easy to phish: a fake login page that looks just close enough captures the secret in plaintext. Three-word mnemonics behave differently in users' heads. People type them deliberately, not reflexively. They notice when the prompt feels wrong. We've watched users in usability sessions hesitate at fake prompts they would have plowed through for a normal password. The format itself encourages a moment of attention.

    What we gave up

    Honesty time: three random words are slightly longer to type than a typical password, and they look unfamiliar to people who've spent twenty years memorizing leetspeak. We mitigate the first with biometric session unlocking and the second with a one-time onboarding flow that walks you through reading your phrase out loud, writing it down, and stashing it somewhere physical. After a week, almost everyone reports they've memorized it without trying.

    The verdict

    Master passwords are a transitional artifact from an era when password managers were judged by a single feature: "don't lose my data." The modern bar is higher. We want secrets that humans can actually remember, that resist phishing, and that survive offline brute-force attacks for the heat death of a small star. Three words and Argon2id give us all three. We don't think we're being clever — we think the industry stopped questioning the wrong default.

    #ux #cryptography #mnemonic #argon2
