What is a Passphrase?
A passphrase is a password made of multiple random words. It is easier to remember than character soup and, with enough words, harder to crack.
A passphrase is a password made of multiple words, usually four or more, drawn from a wordlist or a dictionary. Instead of Tr0ub4dor&3, you get correct horse battery staple. The idea, popularized by a 2011 xkcd comic and earlier by Arnold Reinhold’s diceware method, is that human memory is much better at storing words than at storing arbitrary character strings — and a long sequence of random words has more entropy than the kind of password people actually pick.
Why passphrases beat passwords
Password strength is measured in bits of entropy — roughly, the log₂ of the number of guesses an attacker would need to enumerate every possibility. A typical 8-character password (lowercase + uppercase + digits + symbols, ~94 character set) tops out around 52 bits of entropy if it’s truly random. Most user-chosen 8-character passwords are far weaker, because they contain patterns, dictionary words, dates, or common substitutions.
A passphrase generated from a 7,776-word list (the standard EFF/diceware wordlist) gets about 12.9 bits of entropy per word. Stack words and the entropy adds up:
| Words | Entropy | Time to brute-force at 1 billion guesses/sec |
|---|---|---|
| 3 | ~38 bits | ~5 minutes |
| 4 | ~51 bits | ~26 days |
| 5 | ~64 bits | ~600 years |
| 6 | ~77 bits | ~5 million years |
| 7 | ~90 bits | ~40 billion years |
Six words is the modern recommendation for high-value accounts. Four is the floor for general use, and only if every word is genuinely random — humans cannot pick “random” words on their own.
The diceware method
Diceware, invented by Arnold Reinhold in 1995, is the canonical way to generate a passphrase: roll five physical dice for each word, look up the resulting five-digit number in a 7,776-entry wordlist, and write down the word. Repeat until you have enough words. Software passphrase generators do the same thing with a cryptographically secure random number generator instead of physical dice.
The two most common wordlists are:
- The original diceware list — short, sometimes obscure words
- The EFF long wordlist — 7,776 common, easy-to-type words selected for memorability and lack of confusing homophones
Either gives the same per-word entropy. The EFF list is friendlier for humans.
Passphrase examples
A randomly generated 6-word EFF passphrase looks like:
plunder reroute roving juvenile reset prankish
That’s strong, memorable enough to learn after a few repetitions, and trivially typed on mobile. Compare to xK7$mQ!2bR, which has half the entropy and is much harder to type or remember.
Common mistakes
- Picking words yourself. Human-chosen “random” words cluster around common nouns and lose most of their entropy. Always use a generator.
- Adding common substitutions. Tacking
!1onto the end ofcorrect horse battery stapleadds almost no entropy because attackers know to check that pattern. - Reusing the same passphrase across sites. A breach at one service exposes everywhere you used it.
- Using fewer than 4 words. Three words from a 7,776-word list is only 38 bits — modern hardware brute-forces that in minutes.
- Stripping the spaces.
correcthorsebatterystapleis fine for entropy but harder to remember chunk-by-chunk.
When to use a passphrase vs a random password
Passphrases are the right choice for passwords you actually have to remember and type — your password manager’s master password, full-disk encryption, your machine login, your SSH key. For everything else, your password manager should generate and store a long random character string per account; you don’t need to memorize those.
Generate a passphrase with the Passphrase Generator, or generate a random character password for password-manager entries with the Password Generator. Test the strength of any password or passphrase with the Password Strength Checker.
Comments