What Is a Passphrase? Passphrase vs Password
A passphrase is a secret made of multiple words rather than a single complex string. Example: 'correct-horse-battery-staple'. Because entropy (randomness) comes from the number and combination of words rather than character complexity, a well-chosen passphrase can be both more secure than a typical password and far easier to remember.
Passphrase vs Password: Entropy
A random 8-character password with uppercase, lowercase, digits, and symbols has about 52 bits of entropy (94^8 ≈ 2^52). A passphrase of 4–5 random words from a 7,776-word wordlist (diceware) achieves 51–64 bits of entropy (7776^4 ≈ 2^51). With 6 words: 77 bits — equivalent to a 13-character random password. More words = more security, but passphrases remain memorable because humans remember words easily.
The Diceware Method
Diceware generates passphrases using physical dice for true randomness. Roll 5 dice and concatenate the numbers in the order rolled to form a five-digit key; five dice give 6^5 = 7,776 possible keys, one for each word in the list. Look up the corresponding word in the diceware wordlist (e.g., 62643 = 'this'). Repeat 4–6 times for a passphrase. Because each roll is independent and random, the resulting passphrase is provably as random as the dice themselves.
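The procedure above as an added Python example (not part of the original page): it simulates the dice with the operating system's CSPRNG, looks up each five-digit key, and computes the entropy figures from the previous section. The wordlist is a constructed placeholder (w11111 through w66666) and the function names are illustrative.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5  # five dice select one of 6**5 = 7776 entries

# Constructed placeholder wordlist keyed by dice roll ("11111".."66666").
# A real list maps each key to an actual word; load that in place of this.
WORDLIST = {"".join(k): "w" + "".join(k)
            for k in product("123456", repeat=DICE_PER_WORD)}


def roll_dice(n=DICE_PER_WORD):
    """Simulate n fair dice with the OS CSPRNG (stand-in for physical dice)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n))


def lookup(key, wordlist=WORDLIST):
    """Map a five-digit dice key to its word, rejecting malformed keys."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a valid dice key: {key!r}")
    return wordlist[key]


def passphrase(words=6, sep="-", wordlist=WORDLIST):
    """Build a passphrase from independent rolls, one five-dice key per word."""
    if words < 4:
        raise ValueError("use at least 4 words")
    return sep.join(lookup(roll_dice(), wordlist) for _ in range(words))


def entropy_bits(choices, length):
    """Entropy of `length` independent uniform picks from `choices` options."""
    return length * math.log2(choices)


if __name__ == "__main__":
    print(passphrase())
    for n in (4, 5, 6):
        print(f"{n} words: {entropy_bits(len(WORDLIST), n):.1f} bits")
    print(f"8 random chars from 94: {entropy_bits(94, 8):.1f} bits")
```

The entropy figures hold only when every word is picked uniformly and independently, which is why the rolls come from secrets rather than the random module.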
When to Use Passphrases
Passphrases are ideal for: master passwords for password managers, disk encryption (VeraCrypt, LUKS, FileVault), SSH key passphrases, GPG key passphrases, and accounts you must remember without a password manager. For other accounts, a password manager generating random strings is more practical.
Passphrase Security Tips
Use truly random word selection: do not choose words you think up yourself, because cognitive biases make human-chosen 'random' words predictable. Use at least 4 words. Separate words with spaces or hyphens rather than concatenating them (this makes word-boundary attacks harder). Do not reuse the same passphrase across multiple accounts.