Password vs Passphrase: Entropy, Memorability, and Security in 2026
June 9, 2026 · 4 min read
The conventional wisdom, "use a mix of uppercase, lowercase, numbers, and symbols", produces passwords like tR#7kZ!2 that are hard to remember and weaker than they look. A randomly chosen passphrase like Correct-Horse-Battery-Staple is easier to recall, and adding a word or two makes it stronger than any complexity rule can. Here's the arithmetic.
What is entropy, and why does it matter
Password strength isn't about complexity rules. It's about entropy: the number of bits of randomness in the secret, which fixes how many guesses a brute-force attacker must make. A secret with n bits of entropy is one of 2^n equally likely possibilities, and an attacker searching the whole space expects to try about half of them before hitting it.
Entropy formula:
bits = log₂(pool_size) × length
Where pool_size is how many distinct characters (or words) you draw from, and every element is chosen uniformly at random. That last condition matters: the formula says nothing about a password a human picked. "Summer2024!" has the length and character classes of a 50-bit secret but is among the first things a cracking dictionary tries.
A password with 8 characters using the full printable ASCII set (95 characters):
log₂(95) × 8 ≈ 6.57 × 8 ≈ 52 bits
52 bits falls to an offline attack in hours to days when the secret is protected by a fast hash (NTLM, MD5, unsalted SHA-1) on a multi-GPU rig; behind a slow, memory-hard KDF such as Argon2id or bcrypt the same secret lasts years. Adding symbols doesn't help much because the pool only grows from 62 characters (letters and digits) to 95: about 0.6 bits per character, roughly 5 bits for the whole 8-character password, which is less than one additional alphanumeric character would add (about 6 bits).
Passphrase entropy
The EFF large word list (the one used for Diceware) has 7,776 words, so each randomly chosen word contributes log₂(7776) ≈ 12.9 bits. A 4-word passphrase:
log₂(7776) × 4 ≈ 12.9 × 4 ≈ 51.7 bits
That's comparable to the 8-char password above — but a 6-word passphrase:
log₂(7776) × 6 ≈ 12.9 × 6 ≈ 77.5 bits
77 bits is out of reach of offline brute force even against a fast hash (tens of thousands of years at 10^11 guesses per second), while something like correct-horse-battery-staple-lamp-pencil is still a sentence you can say aloud.
Comparing common password types
| Type | Example | Bits | Crack time (GPU, fast hash) |
|---|---|---|---|
| 8-char "complex" | tR#7kZ!2 | ~52.6 | Hours–days |
| 12-char random | k9Lm#pQr2xNz | ~78.8 | Tens of thousands of years |
| 4-word passphrase | horse-lamp-river-gate | ~51.7 | Hours–days |
| 6-word passphrase | horse-lamp-river-gate-cloud-beam | ~77.5 | Tens of thousands of years |
| 8-word passphrase | horse-lamp-river-gate-cloud-beam-salt-key | ~103.4 | Heat death of universe |

Crack times assume an offline attack on a fast, unsalted hash at roughly 10^11 guesses per second. A memory-hard KDF multiplies every row by several orders of magnitude; an online attack against a rate-limited login is slower still.
The lesson: length beats complexity. Every extra random character adds about 6.6 bits and every extra random word about 12.9, while widening the character set from 62 to 95 adds only about 0.6 bits per character. What counts is the total number of bits, not whether they come from characters or words: the 12-character password and the 6-word passphrase are equally strong on paper, and the passphrase is the one you can remember.
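The entropy and crack-time figures in the two sections above, recomputed from the formula rather than copied. This is an added example, not code from the article; the guess rates for a fast hash and for Argon2id are assumptions for illustration, not measurements.

```javascript
// Added example, not the article's own code: recomputes the entropy and
// crack-time figures above from bits = log2(pool_size) * length.

const POOL_PRINTABLE_ASCII = 95;  // every printable ASCII character
const POOL_ALPHANUMERIC = 62;     // a-z, A-Z, 0-9 (no symbols)
const POOL_EFF_LARGE_LIST = 7776; // EFF large wordlist: 6^5 Diceware words

// Entropy in bits of a secret whose every element is drawn uniformly at random
// from a pool of poolSize. The formula says nothing about human-chosen secrets.
function entropyBits(poolSize, length) {
  if (poolSize < 2 || length < 1) throw new RangeError("poolSize >= 2 and length >= 1 required");
  return Math.log2(poolSize) * length;
}

// Guess rates are assumptions for illustration only. A fast, unsalted hash
// such as NTLM or MD5 falls on a multi-GPU rig at roughly 1e11 guesses/s; a
// memory-hard KDF such as Argon2id with sane parameters is closer to 1e4.
const GUESS_RATES_PER_SECOND = { fastHash: 1e11, argon2id: 1e4 };

// Expected time to hit the secret: on average half the keyspace is searched.
function crackSeconds(bits, guessesPerSecond) {
  return 2 ** (bits - 1) / guessesPerSecond;
}

function humanDuration(seconds) {
  const year = 365.25 * 86400;
  if (seconds < 60) return `${seconds.toFixed(0)} seconds`;
  if (seconds < 3600) return `${(seconds / 60).toFixed(1)} minutes`;
  if (seconds < 86400) return `${(seconds / 3600).toFixed(1)} hours`;
  if (seconds < year) return `${(seconds / 86400).toFixed(1)} days`;
  if (seconds < 1e9 * year) return `${(seconds / year).toExponential(1)} years`;
  return "over a billion years";
}

// Bits gained by adding symbols to an alphanumeric pool at fixed length,
// versus bits gained by adding one more alphanumeric character instead.
function symbolsVersusLength(length) {
  return {
    addSymbols: entropyBits(POOL_PRINTABLE_ASCII, length) - entropyBits(POOL_ALPHANUMERIC, length),
    addOneChar: entropyBits(POOL_ALPHANUMERIC, length + 1) - entropyBits(POOL_ALPHANUMERIC, length),
  };
}

// The comparison table, recomputed, with a column for each attack model.
function comparisonTable() {
  const rows = [
    ["8-char random (95-char pool)", POOL_PRINTABLE_ASCII, 8],
    ["12-char random (95-char pool)", POOL_PRINTABLE_ASCII, 12],
    ["4-word passphrase", POOL_EFF_LARGE_LIST, 4],
    ["6-word passphrase", POOL_EFF_LARGE_LIST, 6],
    ["8-word passphrase", POOL_EFF_LARGE_LIST, 8],
  ];
  return rows.map(([type, pool, len]) => {
    const bits = entropyBits(pool, len);
    return {
      type,
      bits: Number(bits.toFixed(1)),
      fastHash: humanDuration(crackSeconds(bits, GUESS_RATES_PER_SECOND.fastHash)),
      argon2id: humanDuration(crackSeconds(bits, GUESS_RATES_PER_SECOND.argon2id)),
    };
  });
}

for (const row of comparisonTable()) console.log(row);
console.log(symbolsVersusLength(8));
```

The `argon2id` column is the point the table alone does not make: the same 8-character secret that falls in hours behind a fast hash takes on the order of ten thousand years behind a slow KDF, which is why the hash the verifier chooses matters as much as the secret the user chooses.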
Why passphrases are better for humans
Human memory is associative and semantic. We remember stories and images, not arbitrary sequences of symbols.
- tR#7kZ!2: zero meaning, impossible to recall without a password manager
- Correct-Horse-Battery-Staple: four concrete nouns you can picture
Even if you can't remember the exact words, the pattern (4 nouns, separated by hyphens) is easier to reconstruct than an arbitrary 8-char string.
When to use a password vs. a passphrase
Use a password (random characters):
- Any account where you'll use a password manager to store it (the manager types it for you, so memorability is irrelevant)
- API keys and machine credentials (never typed by humans)
- Encrypted archives and key files, when the secret is stored in the manager and pasted at unlock time rather than typed from memory
Use a passphrase:
- Master password for your password manager (you type this from memory every day)
- The pre-boot unlock passphrase for full-disk encryption (LUKS, FileVault, BitLocker), which you type at every boot with no password manager available
- GPG key passphrase
- Anything you genuinely need to remember and type under pressure
The NIST recommendation
NIST Special Publication 800-63B (Digital Identity Guidelines: Authentication and Lifecycle Management) explicitly favours length over complexity. From Revision 3, section 5.1.1.2:
"Memorized secrets SHALL be at least 8 characters if chosen by the subscriber... verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length."
It also says verifiers SHOULD NOT impose other composition rules (mandatory uppercase, digits or symbols), precisely because they push people toward predictable substitutions (P@ssw0rd) that are no stronger than the word they disguise, and it requires verifiers to compare a candidate secret against a list of commonly used, expected or compromised values instead.
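A verifier-side acceptance check in the spirit of that guidance: enforce a minimum length, accept long secrets, check a blocklist, and impose no composition rule. This is an added example, not NIST's text or the article's generator. The five-entry blocklist and the leet-speak substitution table are constructed for the example; a real verifier would use a large breached-password corpus, and the 128-character cap is this example's assumption (the standard only asks that at least 64 be permitted).

```javascript
// Added example, not NIST's or the article's code: a verifier-side check in
// the spirit of SP 800-63B. Length is enforced, a blocklist of known bad
// values is consulted, and no composition rule is imposed.

const MIN_LENGTH = 8;    // "SHALL be at least 8 characters" (subscriber-chosen)
const MAX_LENGTH = 128;  // verifier SHOULD permit at least 64; 128 is this example's assumed cap

// Constructed blocklist for the example. A real verifier compares against a
// large corpus of compromised and commonly used passwords, not five literals.
const BLOCKLIST = new Set(["password", "qwerty", "letmein", "welcome", "iloveyou"]);

// The predictable substitutions that composition rules train users into.
const LEET = { "@": "a", "4": "a", "3": "e", "1": "i", "!": "i", "0": "o", "$": "s", "5": "s", "7": "t" };

// Canonical form for blocklist comparison: lowercase, drop the trailing digits
// and punctuation people bolt on to satisfy rules, then undo leet-speak, so
// that P@ssw0rd, Password123! and password all compare as "password".
function normalize(secret) {
  const lower = secret.toLowerCase();
  const stripped = lower.replace(/[^a-z]+$/, "");
  const base = stripped || lower; // a secret with no letters at all is compared as-is
  return Array.from(base, (ch) => LEET[ch] ?? ch).join("");
}

function validateMemorizedSecret(secret) {
  // Count Unicode code points, not UTF-16 units: 800-63B counts each code
  // point as one character, so an 8-emoji secret is 8 characters long.
  const length = Array.from(secret).length;
  if (length < MIN_LENGTH) return { accepted: false, reason: "too_short", length };
  if (length > MAX_LENGTH) return { accepted: false, reason: "too_long", length };
  if (BLOCKLIST.has(normalize(secret))) return { accepted: false, reason: "blocklisted", length };
  // Deliberately no uppercase/digit/symbol requirement; spaces and any
  // printable Unicode are accepted without truncation.
  return { accepted: true, reason: null, length };
}

for (const candidate of ["P@ssw0rd", "Password123!", "correct horse battery staple", "tR#7kZ!2", "short"]) {
  console.log(JSON.stringify(candidate), validateMemorizedSecret(candidate));
}
```

Note what the check does and does not reject: tR#7kZ!2 passes, because the standard sets a floor of 8 characters and leaves the rest to the blocklist and to rate limiting on the verifier; P@ssw0rd fails, because the normalisation step strips exactly the decoration that a composition rule would have demanded.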
Separator choices and their entropy effect
Adding a separator between words doesn't hurt memorability and adds a small entropy bonus if the separator itself is random:
- Fixed hyphen (-): no added entropy; the attacker knows it's a hyphen
- Chosen independently at random for each gap from {-, _, ., space}: log₂(4) = 2 extra bits per separator (negligible)
- Random two-digit number appended: log₂(100) ≈ 6.6 extra bits, about half a word
The real entropy gain comes from more words, not fancier separators.
Capitalization
Capitalizing the first letter of each word is cosmetically appealing but adds nothing if the attacker knows you follow that pattern, and you should assume they do. Choosing the case of every letter at random would add log₂(2) = 1 bit per letter, a handful of bits per word, but destroys memorability.
The practical advice: capitalize if a website requires it, but don't count it as meaningful security.
Generate passphrases and passwords privately
The Password Generator here generates both random passwords and passphrases entirely in your browser using window.crypto.getRandomValues(). Nothing is transmitted — the entropy comes from your device's OS-level CSPRNG, and the result never leaves your machine.
Switch to Passphrase mode to pick your word count (3–8), separator, and whether to append a random number. The entropy estimate is shown live so you can see exactly how many bits you're getting.