"Tr0ub4dor&3" looks more secure than "correct horse battery staple." It has uppercase, lowercase, numbers, and a special character. The second string is just four plain words.

The second one is stronger. By a significant margin.

This counterintuitive result became widely discussed after a 2011 webcomic illustrated it, but the underlying math has been understood by security researchers for much longer. It's worth understanding clearly, because it changes how you think about what "strong" actually means.

What Entropy Actually Is

Password strength is measured in bits of entropy — a way of quantifying unpredictability. Specifically, how many guesses would an attacker need to make, on average, to find your password by trying all possibilities?

The more entropy, the more guesses required. More guesses means more time and computation required to crack.

Entropy depends on two things: the size of the pool you're choosing from, and how many independent choices you make from it. In bits, it is the number of choices multiplied by log2 of the pool size, so a larger pool and more choices both raise it.

Why "Tr0ub4dor&3" Falls Short

That password looks complex, but consider its actual structure: it's the word "troubadour" with a few standard substitutions (o→0, a→4), a symbol inserted, and a number appended. This is a recognizable pattern — one that cracking tools account for explicitly.

When attackers run dictionary attacks with rule sets, they're systematically generating exactly these kinds of transformations: capitalize first letter, replace letters with numbers, append symbols, append digits. A password built on a dictionary word with predictable modifications has far less effective entropy than it appears to have. The "pool" it's drawn from isn't all possible character combinations — it's all common words times all common transformation rules, which is a much smaller set.

Against a cracking rig running bcrypt hashes, a password like this might fall in days or weeks rather than centuries.
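The structure described above can be made visible with a small checker that reverses the predictable transformations (strip appended digits and symbols, undo the o→0 and a→4 style substitutions, lowercase) and then looks for a dictionary word, allowing one spelling error because cracking dictionaries carry common misspellings. This is an added, defender-side example written for this page, not code from the original article or from any cracking tool; the wordlist and the 100,000 words × 1,000 rule variants figures are constructed, illustrative assumptions.

```python
import math
import re
import string

# Constructed stand-in for a cracking dictionary. Real ones hold hundreds of
# thousands of entries and include common misspellings.
WORDLIST = {"troubadour", "password", "dragon", "sunshine", "welcome",
            "correct", "horse", "battery", "staple", "monkey"}

# The character substitutions that rule sets try first ("leet" rules).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def undo_mangling(password: str) -> str:
    """Reverse the predictable transformations in order: drop prepended and
    appended digits/symbols (treated as decoration), undo leet substitutions,
    drop any symbol that was inserted inside the word, then lowercase."""
    core = password.strip(string.digits + string.punctuation)
    core = core.translate(LEET)
    core = re.sub(r"[^A-Za-z0-9]", "", core)
    return core.lower()


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or
    substitution; this approximates the misspellings found in real lists."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def dictionary_base(password: str, wordlist=WORDLIST):
    """Return the dictionary word the password was built from, or None."""
    core = undo_mangling(password)
    for word in wordlist:
        if within_one_edit(core, word):
            return word
    return None


def effective_bits(n_words: int, n_rule_variants: int) -> float:
    """Entropy of the real search space: dictionary words times rule variants."""
    return math.log2(n_words * n_rule_variants)


if __name__ == "__main__":
    for pw in ("Tr0ub4dor&3", "Dr4g0n!!", "Xq9!vLm2"):
        print(pw, "->", undo_mangling(pw), "->", dictionary_base(pw))
    # Assumed (illustrative) sizes: 100,000 words and 1,000 rule variants.
    print("effective bits:", round(effective_bits(100_000, 1_000), 1))
```

The point of the checker is the last line: a word-plus-rules space of that size is under 27 bits, which is why the eleven-character "Tr0ub4dor&3" behaves like a far shorter password once the attacker's rule set is taken into account.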

Why Four Random Words Work

"Correct horse battery staple" draws from a different kind of randomness. If the words are genuinely chosen at random from a large wordlist — say, the EFF's 7,776-word Diceware list — then each word adds about 12.9 bits of entropy. Four words gives roughly 51 bits of entropy. Five words gives about 64 bits.

51 bits of entropy means about 2.25 quadrillion possible combinations. Even at a billion guesses per second against a fast hash, that takes over 71 years. With bcrypt, it's effectively unreachable in any practical time frame.
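The arithmetic behind these figures, as an added example that is not part of the original article: entropy in bits is choices × log2(pool), the number of candidates is 2 to that power, and the expected time to crack is half of that divided by the guess rate. The functions are general, so the same code also gives the per-character comparison with a generated 95-symbol password that comes up later on this page. The one-billion-guesses-per-second rate is the page's fast-hash figure; the bcrypt rate of 10,000 guesses per second is an assumption used only to show the scale difference.

```python
import math

EFF_WORDLIST_SIZE = 7776      # EFF long Diceware list, five dice per word
PRINTABLE_ASCII = 95          # pool for a generated random password

FAST_HASH_GPS = 1e9           # guesses per second, from the page
BCRYPT_GPS = 1e4              # assumed ballpark for a slow hash, not from the page


def entropy_bits(pool_size: int, choices: int) -> float:
    """Bits of entropy for `choices` independent picks from `pool_size` options."""
    return choices * math.log2(pool_size)


def passphrase_bits(n_words: int, wordlist_size: int = EFF_WORDLIST_SIZE) -> float:
    return entropy_bits(wordlist_size, n_words)


def password_bits(length: int, charset_size: int = PRINTABLE_ASCII) -> float:
    return entropy_bits(charset_size, length)


def candidates(bits: float) -> float:
    """Size of the keyspace for a given entropy."""
    return 2.0 ** bits


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at the given rate."""
    return candidates(bits) / guesses_per_second


def expected_seconds(bits: float, guesses_per_second: float) -> float:
    """On average the attacker finds the password halfway through."""
    return seconds_to_exhaust(bits, guesses_per_second) / 2


def bits_per_char(bits: float, length: int) -> float:
    return bits / length


def years(seconds: float) -> float:
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    four = passphrase_bits(4)
    twenty = password_bits(20)
    print(f"4 random Diceware words: {four:.1f} bits, "
          f"{bits_per_char(four, 28):.2f} bits/char over 28 chars")
    print(f"5 random Diceware words: {passphrase_bits(5):.1f} bits")
    print(f"20 random printable chars: {twenty:.1f} bits, "
          f"{bits_per_char(twenty, 20):.2f} bits/char")
    for label, gps in (("fast hash", FAST_HASH_GPS), ("bcrypt (assumed)", BCRYPT_GPS)):
        print(f"  4 words vs {label}: {years(expected_seconds(four, gps)):,.1f} years expected")
```

Run it and vary the guess rate: the passphrase's bit count does not change, but the time to crack moves by the same factor as the rate, which is exactly why the hash function on the server side matters as much as the password itself.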

The passphrase is also 28 characters long, which raises the brute-force floor dramatically even for attackers who don't know it's a passphrase.

And critically: it's memorable. The strangeness of the combination — a horse correctly identifying a battery and a staple — is exactly what lodges it in memory. Bizarre mental images stick. That's not a security weakness; it's a feature of how human memory works when the words are genuinely random rather than intentionally chosen to be weird.

The Key Word Is "Random"

The word "random" here is load-bearing. A passphrase made of words you chose because they sounded good, told a story, or came from your favorite song is not random. It's drawn from a much smaller effective pool than true randomness provides.

"Purple Mountain Majesty" is three words long and feels random. But it's a famous lyric from a well-known song — it's in every major wordlist. "Time Is Money" is a common idiom. "Dogs Love Walks" is a predictable, thematically coherent phrase that cracking tools can generate systematically.

True randomness means the words have no connection to each other, to you, or to any knowable context. "Marble Fence Cloud Bicycle" is strong. "Mountain Blue Sky Eagle" is thematically coherent and much weaker than it looks, even at the same length.

This is why Diceware — physically rolling dice to select words from a numbered list — is a trusted method. The physical randomness of dice removes any possibility of unconscious bias in the selection.
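The Diceware mechanism, as an added example for this page rather than the EFF's or anyone else's code: each word is keyed by a string of dice results, so the list is a lookup table and the dice are the only source of randomness. To stay self-contained the block uses a constructed 36-word list keyed by two dice (11 to 66); the real EFF long list works identically with five dice and 7,776 entries. Where physical dice are not at hand, the operating-system CSPRNG via Python's `secrets` module is the software substitute shown here; `random.choice` is not suitable for this purpose.

```python
import secrets

# Constructed 36-word stand-in for a Diceware list, keyed by two dice.
# The real EFF long list has 7,776 words keyed by five dice.
DEMO_WORDS = [
    "marble", "fence", "cloud", "bicycle", "anchor", "velvet",
    "pepper", "lantern", "orbit", "quilt", "thimble", "walrus",
    "canyon", "drizzle", "ember", "falcon", "garlic", "harbor",
    "igloo", "jigsaw", "kettle", "lumber", "meadow", "nickel",
    "oyster", "pickle", "radish", "saddle", "tundra", "umpire",
    "violet", "wombat", "yonder", "zipper", "basket", "cobalt",
]


def dice_key(index: int, dice: int) -> str:
    """Turn a list position into its dice string, e.g. 0 -> '11', 35 -> '66'."""
    digits = []
    for _ in range(dice):
        index, face = divmod(index, 6)
        digits.append(str(face + 1))
    return "".join(reversed(digits))


def build_table(words, dice: int) -> dict:
    """Map every possible dice string to a word; the list must fill 6**dice slots."""
    if len(words) != 6 ** dice:
        raise ValueError(f"need exactly {6 ** dice} words for {dice} dice, got {len(words)}")
    return {dice_key(i, dice): word for i, word in enumerate(words)}


def roll(dice: int) -> str:
    """Roll `dice` six-sided dice with a cryptographically secure generator."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))


def generate_passphrase(table: dict, n_words: int, dice: int) -> list:
    """Pick n_words independently; every pick is a fresh set of rolls."""
    return [table[roll(dice)] for _ in range(n_words)]


if __name__ == "__main__":
    table = build_table(DEMO_WORDS, dice=2)
    print(" ".join(generate_passphrase(table, 4, dice=2)))
```

With the demo list each word carries only log2(36), about 5.2 bits, so four words here are nowhere near the 51 bits quoted above; the mechanism is the same, but the strength comes entirely from the size of the list and the independence of each roll.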

When Passphrases Are the Better Choice

Passphrases shine in one specific use case: the master password for your password manager, or any password you need to type regularly and can't autofill. The combination of high entropy and genuine memorability makes them ideal for this. You don't want to write your master password down permanently — you want to actually know it.

They're also useful for device unlock PINs or passwords where you're entering something manually many times a day. A random character string is painful to type repeatedly. A passphrase is not.

When Traditional Passwords Win

For accounts where you use a password manager and the password is filled in automatically — which should be most accounts — the choice of format matters less. A 20-character random string like "K9#mLpX!2rQzFw9nBv3q" is slightly higher entropy per character than a passphrase of similar length, because it draws from a larger character set.

Some systems have character limits that make long passphrases impractical (though this is increasingly rare). Some require symbols or numbers in ways that a pure-word passphrase doesn't satisfy. In these cases, use the generator and let the manager store it.

The Honest Answer

Both approaches work when done correctly. The mistake isn't choosing one format over the other — it's choosing something short, something predictable, or something based on a real phrase rather than genuine randomness.

If you need to remember it: use a passphrase made from genuinely random words. If a password manager is handling storage and autofill: use a generated random password and don't worry about memorizing it. Either approach, done right, is dramatically more secure than any password you invented to be memorable.

Practical rule of thumb: Passphrase for what you type. Generated password for everything a manager handles. Strong master password — a passphrase — for the manager itself.