What Is a Passphrase?
A passphrase is a password made of multiple random words strung together, often with a separator. Classic example from the XKCD comic: "correct horse battery staple." Modern generators produce things like "Marble-Forest-Zephyr-Knight42."
The key word is random. A passphrase is not a memorable sentence you composed — it's a set of words chosen by a cryptographically secure random number generator from a large wordlist. The difference matters enormously for security.
The Math: How Strong Is a Passphrase?
Password strength is measured in bits of entropy. Each bit doubles the number of guesses an attacker needs. The formula is:
entropy = log₂(pool_size ^ length) = length × log₂(pool_size)
For a passphrase:
- Wordlist size: ToolLance's generator uses ~100 words for simplicity, but Diceware uses 7,776 words. For this comparison, assume 7,776.
- 4 words: log₂(7776⁴) ≈ 51.7 bits
- 5 words: log₂(7776⁵) ≈ 64.6 bits
- 6 words: log₂(7776⁶) ≈ 77.5 bits
For comparison, a random character password:
- 10 chars (a-z + A-Z + 0-9 + symbols, pool 94): log₂(94¹⁰) ≈ 65.5 bits
- 12 chars, same pool: ≈ 78.6 bits
- 8 chars, same pool: ≈ 52.4 bits
A 4-word passphrase (52 bits) matches the strength of a random 8-character password — but is dramatically easier to remember and type. A 5-word passphrase (65 bits) matches a random 10-character password.
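The figures above, worked as an added example (this is not ToolLance's strength-meter code). It assumes the 1 trillion guesses per second rate used later on this page and reports the time to exhaust the whole keyspace (the average case is half of that); it also carries the small-list caveat through to a number, since a ~100-word list gives far less entropy per word than a 7,776-word list.

```javascript
// Added example (not ToolLance's code): entropy and crack-time estimates for the
// configurations discussed above. Assumes a fixed guess rate of 1e12/s and reports
// the time to try every candidate (the average case is half of that).

// Bits of entropy for `length` independent choices from a pool of `poolSize`:
// log2(poolSize ^ length) == length * log2(poolSize).
function entropyBits(poolSize, length) {
  return length * Math.log2(poolSize);
}

// Seconds to try every candidate in a keyspace of 2^bits at `guessesPerSecond`.
function crackTimeSeconds(bits, guessesPerSecond = 1e12) {
  return Math.pow(2, bits) / guessesPerSecond;
}

// Human-readable duration, the kind of label a strength meter shows.
function formatDuration(seconds) {
  const MIN = 60, HOUR = 3600, DAY = 86400, YEAR = 365.25 * DAY;
  if (seconds < 1) return "less than a second";
  if (seconds < MIN) return `${seconds.toFixed(1)} seconds`;
  if (seconds < HOUR) return `${(seconds / MIN).toFixed(1)} minutes`;
  if (seconds < DAY) return `${(seconds / HOUR).toFixed(1)} hours`;
  if (seconds < YEAR) return `${(seconds / DAY).toFixed(1)} days`;
  return `${(seconds / YEAR).toExponential(2)} years`;
}

// One row of the comparison table: label, rounded bits, crack-time label.
function strengthRow(label, poolSize, length) {
  const bits = entropyBits(poolSize, length);
  return {
    label,
    bits: Number(bits.toFixed(1)),
    crackTime: formatDuration(crackTimeSeconds(bits)),
  };
}

const COMPARISON = [
  strengthRow("4 words, 7,776-word list", 7776, 4),
  strengthRow("5 words, 7,776-word list", 7776, 5),
  strengthRow("6 words, 7,776-word list", 7776, 6),
  strengthRow("4 words, ~100-word list", 100, 4),   // the small-wordlist caveat
  strengthRow("8 random chars, pool 94", 94, 8),
  strengthRow("10 random chars, pool 94", 94, 10),
  strengthRow("12 random chars, pool 94", 94, 12),
];

console.table(COMPARISON);
```

The `~100-word list` row is the one to look at: four words from a list that small is about 26.6 bits, which the table reports as cracked in under a second at this rate, so wordlist size is as much a part of the strength as word count.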
What NIST Says in 2024
The US National Institute of Standards and Technology updated its Digital Identity Guidelines (SP 800-63B) in 2024. The key changes relevant to passphrases:
- Length over complexity: NIST now recommends prioritising length rather than mandatory complexity rules (must have a number, must have a symbol). A long passphrase beats a short complex password.
- No mandatory rotation: Periodic password changes are no longer recommended unless there's evidence of compromise. This makes passphrases practical — you can actually remember one long-term.
- 15+ character minimum: For high-security accounts, NIST suggests at least 15 characters. A 4-word passphrase with separators easily exceeds this.
- No complexity requirements: NIST advises against forcing users to include special characters, uppercase, etc. A 5-word lowercase passphrase is considered compliant and strong.
The Memorability Advantage
The main practical benefit of passphrases is that humans can actually remember them. "Marble-Forest-Zephyr-Knight" creates a mental image — you can picture a marble statue in a forest next to a knight. Random character passwords like "xK9!mP2@" create no such image.
This matters because the alternative to memorisation is a password manager. Password managers are excellent, but your master password — the one you can't store in the manager — needs to be both strong and memorable. A 5–6 word passphrase is ideal for this role.
The Critical Warning: "Correct Horse Battery Staple" Is Not Secure
The specific passphrase from the XKCD comic is now famous worldwide. Any serious attacker testing passphrases will include it in their wordlist. The same applies to any passphrase you can find in a blog post, comic, or example.
The words must be genuinely random. "summer vacation beach trip" is a memorable phrase you composed — it's not a random passphrase. Attackers test semantic phrases, common collocations, and song lyrics. A truly random selection like "marble forest zephyr knight" is far harder to guess because there's no semantic connection an attacker can exploit.
Use a generator with cryptographically secure randomness (like ToolLance's Passphrase Generator, which uses crypto.getRandomValues()), not a phrase you invented.
How to Generate a Passphrase
ToolLance's Password Generator has a dedicated Passphrase tab. You can configure:
- Word count: 3–10 words (4–5 recommended for most accounts)
- Separator: Dash, space, dot, underscore, or none
- Capitalize: First letter of each word capitalised
- Append number: Adds a random 2-digit number at the end (helps with sites requiring numbers)
- Append symbol: Adds a random symbol for sites that require one
The strength meter shows entropy in bits and estimated crack time at 1 trillion guesses per second — so you can see exactly how strong your passphrase is before using it.
Frequently Asked Questions
How many words does a passphrase need to be secure?
Four randomly selected words from a large wordlist such as the 7,776-word Diceware list give approximately 50 bits of entropy. For high-value accounts like a password manager, use 5–6 words.
What does NIST say about passwords in 2024?
NIST's 2024 guidelines recommend length over complexity, no mandatory periodic changes, and no forced special character requirements. Passphrases of 15+ characters are explicitly encouraged.
Is "correct horse battery staple" actually secure?
No — that specific phrase is now famous and would appear in any serious wordlist attack. The concept (random words) is sound, but the words must be selected by a random generator, not taken from a known example.