A sequence of words used as a password, typically longer and more memorable than traditional passwords. Passphrases like 'correct horse battery staple' provide strong security while being easier to remember than random character strings.

What is Passphrase? | Privacy Glossary

A passphrase trades complexity for length. Instead of P@ssw0rd!23 (which is actually weak), use correct horse battery staple (which is much stronger and easier to remember).

Why Passphrases Work

Math of Password Strength

8-character complex password:

95 possible characters per position
95^8 = 6.6 quadrillion combinations
Crackable in hours with modern hardware

4-word passphrase:

7776 words in standard Diceware list
7776^4 = 3.6 quadrillion combinations
Similar strength, much easier to remember

6-word passphrase:

7776^6 = 221 trillion trillion combinations
Effectively uncrackable

Generating Good Passphrases

Diceware Method

Roll 5 dice (or use random number generator)
Look up resulting number in word list
Repeat 5-7 times
Result: bloom atlas cactus merit rely globe

Key Requirements

True randomness (not "your" random)
Use established word lists
Don't modify or "improve" output
At least 5-6 words

Good vs Bad Passphrases

Strong

holster crepe stunt exert daybed (random)
mercury envelope pizza submarine (random)

Weak

ilovemycatfluffy (predictable)
tobeonottobe (famous quote)
password123456 (common pattern)
Song lyrics, book quotes, etc.

When to Use Passphrases

Perfect For

Master password for password manager
Full disk encryption
Encryption keys you must memorize
Accounts where you can't use password manager

Less Ideal For

Sites with length limits
Systems requiring special characters
Frequently-entered passwords (typing fatigue)

Passphrase Best Practices

Generate truly randomly (don't pick words yourself)
Use at least 5-6 words
Don't reuse across accounts
Consider adding random element (mercury7envelope#pizza)
Store backup in password manager

What is Passphrase?