To add this function to your own web page, first copy "gpw.js", and then view the source of this web page to see how to invoke it.
Once gpw.js is loaded on your device, it generates passwords locally on your device, without accessing the Internet.
This password generator is modeled after Morrie Gasser's original generator described in
except that Morrie's used a second-order approximation to English and this generator uses a third-order approximation. A descendant of Gasser's generator was added to the Multics operating system by Project Guardian in the mid 1970s, and I believe Digital's VMS added a similar feature in the 80s. FIPS Standard 181 describes a similar digraph-based generator, derived from Gasser's.
[FIPS Standard 181 has been withdrawn without a replacement. Weaknesses in Gasser-like password generators were found in the 1990s. See "A New Attack on Random Pronounceable Password Generators" (1994) by Ravi Ganesan and Chris Davies.]
(25 Jan 2016) I get mail occasionally from people that point out that some passwords are short. This can happen if the input dictionary contains some digraphs that only appear at the end of a word, such as "fy" and "qs". The algorithm gets "trapped." You could generate your own dictionary with extra words to prevent this, if you think it is a problem.
The best way to use generated passwords is to modify them in ways known only to you. Make some letters capital, or insert punctuation and numbers, in order to use a larger alphabet. You could also generate two passwords and combine them.
If you wish to secure extremely valuable assets, consider using better sources of randomness, longer passwords, or stronger methods than passwords. See RFC 4086, Randomness Requirements for Security, D. Eastlake, 3rd, J. Schiller, S. Crocker. June 2005.
Reusing passwords is very risky. Generate fresh ones for each need and store a list in an encrypted file. (Static or reusable passwords are obsolete. If you have a choice of authentication methods, look for a stronger method than passwords.)