Skip to content
browserutils
Glossary

What is a Passphrase?

A passphrase is a password made of multiple random words. It is easier to remember than character soup and, with enough words, harder to crack.

A passphrase is a password made of multiple words, usually four or more, drawn from a wordlist or a dictionary. Instead of Tr0ub4dor&3, you get correct horse battery staple. The idea, popularized by a 2011 xkcd comic and earlier by Arnold Reinhold’s diceware method, is that human memory is much better at storing words than at storing arbitrary character strings — and a long sequence of random words has more entropy than the kind of password people actually pick.

Why passphrases beat passwords

Password strength is measured in bits of entropy — roughly, the log₂ of the number of guesses an attacker would need to enumerate every possibility. A typical 8-character password (lowercase + uppercase + digits + symbols, ~94 character set) tops out around 52 bits of entropy if it’s truly random. Most user-chosen 8-character passwords are far weaker, because they contain patterns, dictionary words, dates, or common substitutions.

A passphrase generated from a 7,776-word list (the standard EFF/diceware wordlist) gets about 12.9 bits of entropy per word. Stack words and the entropy adds up:

Words Entropy Time to brute-force at 1 billion guesses/sec
3 ~38 bits ~5 minutes
4 ~51 bits ~26 days
5 ~64 bits ~600 years
6 ~77 bits ~5 million years
7 ~90 bits ~40 billion years

Six words is the modern recommendation for high-value accounts. Four is the floor for general use, and only if every word is genuinely random — humans cannot pick “random” words on their own.

The diceware method

Diceware, invented by Arnold Reinhold in 1995, is the canonical way to generate a passphrase: roll five physical dice for each word, look up the resulting five-digit number in a 7,776-entry wordlist, and write down the word. Repeat until you have enough words. Software passphrase generators do the same thing with a cryptographically secure random number generator instead of physical dice.

The two most common wordlists are:

  • The original diceware list — short, sometimes obscure words
  • The EFF long wordlist — 7,776 common, easy-to-type words selected for memorability and lack of confusing homophones

Either gives the same per-word entropy. The EFF list is friendlier for humans.

Passphrase examples

A randomly generated 6-word EFF passphrase looks like:

plunder reroute roving juvenile reset prankish

That’s strong, memorable enough to learn after a few repetitions, and trivially typed on mobile. Compare to xK7$mQ!2bR, which has half the entropy and is much harder to type or remember.

Common mistakes

  • Picking words yourself. Human-chosen “random” words cluster around common nouns and lose most of their entropy. Always use a generator.
  • Adding common substitutions. Tacking !1 onto the end of correct horse battery staple adds almost no entropy because attackers know to check that pattern.
  • Reusing the same passphrase across sites. A breach at one service exposes everywhere you used it.
  • Using fewer than 4 words. Three words from a 7,776-word list is only 38 bits — modern hardware brute-forces that in minutes.
  • Stripping the spaces. correcthorsebatterystaple is fine for entropy but harder to remember chunk-by-chunk.

When to use a passphrase vs a random password

Passphrases are the right choice for passwords you actually have to remember and type — your password manager’s master password, full-disk encryption, your machine login, your SSH key. For everything else, your password manager should generate and store a long random character string per account; you don’t need to memorize those.

Generate a passphrase with the Passphrase Generator, or generate a random character password for password-manager entries with the Password Generator. Test the strength of any password or passphrase with the Password Strength Checker.