The classic XKCD comic made the case in 2011: four random words (correct horse battery staple) are both more secure and more memorable than a short, mangled password like Tr0ub4dor&3. The argument was right then and it's still right. But the details matter.
Entropy: The Only Metric That Matters
Password strength is measured in bits of entropy. Entropy tells you how many guesses an attacker needs, on average, to crack your password.
- 1 bit of entropy = 2 possible values (a coin flip)
- N bits of entropy = 2ᴺ possible values
Adding 1 bit doubles the search space. Adding 10 bits multiplies it by 1,024. Modern password crackers can test billions of guesses per second, so you need high entropy.
Password Entropy: The Numbers
| Password type | Length | Character set | Entropy (bits) |
|---|---|---|---|
| password | 8 | lowercase (26) | ~38 bits |
| P@ssw0rd | 8 | mixed (80) | ~50 bits |
| Random 12 chars | 12 | full ASCII (95) | ~79 bits |
| Random 16 chars | 16 | full ASCII (95) | ~105 bits |
| Random 20 chars | 20 | full ASCII (95) | ~131 bits |
Passphrase Entropy: The Numbers
Passphrase entropy depends on how words are selected. The key requirement is random selection from a known wordlist — not words you choose yourself (humans are predictable).
The most common method is Diceware: roll a die 5 times per word, look up the result in a 7,776-word list (6⁵ = 7,776). Each word adds ~12.9 bits of entropy.
| Passphrase | Words | Wordlist size | Entropy (bits) |
|---|---|---|---|
| Diceware 3 words | 3 | 7,776 | ~39 bits |
| Diceware 4 words | 4 | 7,776 | ~51 bits |
| Diceware 5 words | 5 | 7,776 | ~64 bits |
| Diceware 6 words | 6 | 7,776 | ~77 bits |
| EFF 7 words | 7 | 7,776 | ~90 bits |
The Critical Requirement: Random Selection
Both security models break down without genuine randomness. The phrase "correct horse battery staple" is now famous — and therefore appears in cracking dictionaries. You cannot reuse famous examples.
For passphrases, "random" means:
- Each word is selected independently with equal probability from the wordlist
- You use a CSPRNG or actual dice, not your brain
- You use a large wordlist (thousands of words minimum)
Choosing words yourself introduces bias — you'll pick common words, meaningful combinations, or words from your native language. Attackers build word-combination dictionaries that specifically target this.
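The Diceware arithmetic and the CSPRNG requirement above, as an added example (not code from the original article): entropy per word, the word count needed to reach a target, the five-roll lookup index, and uniform selection with Python's `secrets` module. The wordlist is a constructed stand-in for the real 7,776-entry list.

```python
import math
import secrets

# Constructed toy wordlist for the demo. A real Diceware list has 7,776 entries
# (6^5), one per five-dice outcome; use the EFF large wordlist in practice.
DEMO_WORDS = ["velvet", "margin", "frozen", "orbit", "pine", "copper",
              "lantern", "quartz", "harbor", "meadow", "cinder", "tundra"]

DICEWARE_SIZE = 6 ** 5  # 7,776


def bits_per_word(wordlist_size: int) -> float:
    """Entropy contributed by one uniformly chosen word: log2(list size)."""
    return math.log2(wordlist_size)


def passphrase_entropy(wordlist_size: int, n_words: int) -> float:
    """Total entropy of n independent, uniform picks (separators not counted)."""
    return n_words * bits_per_word(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest word count that reaches target_bits from this wordlist."""
    return math.ceil(target_bits / bits_per_word(wordlist_size))


def diceware_index(rolls) -> int:
    """Map five die rolls (1-6 each, first roll most significant) to a 0-based
    index into a 7,776-word list, the same lookup a printed Diceware list uses."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def roll_dice(n: int = 5) -> list:
    """Simulate dice with the OS CSPRNG (secrets), never random.random()."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]


def generate_passphrase(wordlist, n_words: int, separator: str = "-") -> str:
    """Pick n_words independently and uniformly with secrets.choice."""
    return separator.join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    print(generate_passphrase(DEMO_WORDS, 5))
    print(f"{passphrase_entropy(DICEWARE_SIZE, 5):.1f} bits for 5 Diceware words")
```

Note that the entropy functions count only the word choices; a fixed separator adds nothing, which is the point made under "predictable separators" later on.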
Memorability: Where Passphrases Win
Random character passwords are nearly impossible to memorize. kR#9mP!qvZ2&wN is 105 bits of entropy and completely unmemorable. That's fine if you store it in a password manager — you never need to type it.
Passphrases trade some entropy efficiency for memorability. velvet-margin-frozen-orbit-pine is 64 bits — memorizable with a few repetitions, typeable on a phone keyboard without pain, and secure enough for most purposes.
Use passphrases for:
- Password manager master password — you must memorize this; it encrypts everything else
- Full-disk encryption password (laptop, external drive)
- SSH key passphrase
- Any password you must type regularly and cannot use a manager for
Use random character passwords for:
- Everything stored in your password manager — you never type these
- Accounts with character restrictions that penalize spaces
- APIs and service credentials
Common Mistakes
1. Choosing words yourself
If you choose "ocean blue summer dream", you've described a scene. Your brain generates thematic word clusters, not independent random choices. Use a tool that calls a CSPRNG.
2. Using short wordlists
A 100-word wordlist gives each word only 6.6 bits. Three words from it = 20 bits of entropy — crackable in milliseconds. Use the EFF large wordlist (7,776 words) or the EFF short list 2 (1,296 words, 10.3 bits/word).
3. Using predictable separators
If you always use hyphens between words, that's one less thing an attacker needs to guess. Vary separators or use spaces, or include a random digit between words.
4. Short passphrases
Three Diceware words is only ~39 bits. At 10 billion guesses/second, that's cracked in under a minute. Use at least 5 words (64 bits) for anything sensitive.
The Verdict
Neither passphrases nor character passwords are universally better. Use the right tool for the context:
- Must memorize? → 6–7 word random passphrase
- Stored in manager? → 16–20 character random password
- Both are fine when: truly random, sufficiently long, and never reused
