Passphrase vs Password: Why Four Random Words Beat P@ssw0rd
A passphrase like 'correct horse battery staple' has more entropy than most complex passwords and is far easier to remember. Here is the math behind it.
The Comic That Changed How People Think About Passwords
In 2011, webcomic artist Randall Munroe published XKCD #936, showing two password strategies side by side. The first: Tr0ub4dor&3, a single mangled word with substitutions. Hard to remember, only about 28 bits of entropy, and likely guessable by pattern-aware cracking tools. The second: correct horse battery staple, four random common words strung together. Easy to remember, and about 44 bits of entropy by Munroe's calculation.
The comic went viral because it exposed a fundamental truth: the complexity rules we imposed on users produced passwords that were simultaneously harder to remember and weaker against systematic attack.
The Math: Why Random Words Win
Entropy measures how many guesses an attacker needs. Each bit of entropy doubles the number of guesses required, so the difference between 28 and 44 bits is not 16 guesses; it is 2^16, or about 65,000 times more guesses.
The Electronic Frontier Foundation (EFF) publishes a carefully curated wordlist of 7,776 common English words, exactly 6^5, which means each word can be selected by rolling five six-sided dice. Because the list has 7,776 entries, each randomly selected word contributes approximately 12.9 bits of entropy (log2(7776) ≈ 12.9).
A four-word passphrase from this list: 4 × 12.9 ≈ 51.7 bits of entropy. A five-word passphrase reaches about 64.6 bits. A six-word passphrase: about 77.5 bits, competitive with a 12-character random password drawn from the full printable ASCII character set.
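The arithmetic above, written out as a small JavaScript helper so the figures can be reproduced for any list size, word count or character-set password. This is an added example, not code from the article or from any passphrase generator it mentions; the list size 7776 and alphabet size 95 (printable ASCII) are the only inputs taken from the text, and the guess rate passed to expectedCrackSeconds is a planning assumption, not a measurement.

```javascript
// Added example (not from the original article): the entropy arithmetic behind
// the passphrase-versus-password comparison.

// Entropy in bits of one uniformly random choice among `choices` options.
function bitsPerChoice(choices) {
  if (!(choices > 1)) throw new RangeError('need at least two choices');
  return Math.log2(choices);
}

// A passphrase of `wordCount` words drawn independently and uniformly
// from a list of `listSize` words.
function passphraseBits(wordCount, listSize) {
  return wordCount * bitsPerChoice(listSize);
}

// A random password of `length` characters from an alphabet of `alphabetSize`
// symbols (95 for printable ASCII, 62 for alphanumerics, 10 for digits).
function passwordBits(length, alphabetSize) {
  return length * bitsPerChoice(alphabetSize);
}

// How many times more guesses an exhaustive search needs at `bitsA`
// than at `bitsB`: each extra bit doubles the work.
function guessRatio(bitsA, bitsB) {
  return 2 ** (bitsA - bitsB);
}

// Expected time to find a secret by exhaustive search: on average half the
// keyspace is tried. `guessesPerSecond` is whatever rate the defender
// assumes for an offline attack on a stolen vault file (an assumption
// supplied by the caller, not a figure from the article).
function expectedCrackSeconds(bits, guessesPerSecond) {
  return 2 ** (bits - 1) / guessesPerSecond;
}

// Smallest number of words from a list of `listSize` that reaches `targetBits`.
function wordsForTarget(targetBits, listSize) {
  return Math.ceil(targetBits / bitsPerChoice(listSize));
}

// Reproduce the article's figures for the EFF long list (6^5 = 7776 words).
const EFF_LIST_SIZE = 7776;
const table = [4, 5, 6].map(n => ({
  words: n,
  bits: passphraseBits(n, EFF_LIST_SIZE).toFixed(1),
}));
console.log(table);                                            // 51.7, 64.6, 77.5
console.log('12-char printable ASCII:', passwordBits(12, 95).toFixed(1)); // 78.8
console.log('44 vs 28 bits, guess ratio:', guessRatio(44, 28)); // 65536
console.log('words for 77 bits:', wordsForTarget(77, EFF_LIST_SIZE)); // 6
```

The functions take the list size as a parameter on purpose: a shorter list (the EFF short list has 1296 words, 6^2 by two dice) simply yields fewer bits per word, and wordsForTarget shows how many extra words that costs.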
Why Passphrases Are Easier to Remember
Human memory is associative. We remember stories, images, and sequences of concrete objects far better than random strings of characters. "Correct horse battery staple" conjures a mental image: a horse standing in a barn next to a battery and a staple, staring at something. That image is memorable. Tr0ub4dor&3 is not.
Research in cognitive psychology consistently shows that chunking, grouping information into meaningful units, dramatically increases recall. Four words are four chunks. Twenty random characters are twenty separate chunks. The passphrase wins on memorability by a large margin even when the entropy is comparable.
The Critical Requirement: Random Selection
The entropy calculations above assume the words are chosen at random, not by a human. This is crucial. When people choose their own passphrases, they gravitate toward common phrases, song lyrics, book titles, and quotes, all of which are in attacker dictionaries. "To be or not to be" is not a secure passphrase. Neither is "may the force be with you."
True randomness requires a random number generator: dice, a hardware RNG, or a cryptographically secure software generator. The EFF wordlist was specifically designed for dice rolling: five dice per word, four rolls of five dice for four words. A passphrase generator using crypto.getRandomValues() in the browser achieves the same result without physical dice.
When Passphrases Don't Work
Passphrases have real limitations. Many websites impose character limits that prevent a 30-character passphrase from being entered. Some systems reject spaces in passwords. Others require at least one uppercase letter, number, and symbol, making a passphrase technically non-compliant even if it is far more secure than any compliant alternative.
In those cases, a hybrid approach works well: take the passphrase, capitalize the first letter of each word, add a number between two words, and append a symbol. CorrectHorse4BatteryStaple! retains most of the memorability while satisfying most complexity requirements. The added structure reduces entropy slightly, but the result is still far stronger than a typical user-chosen complex password.
Passphrases for Master Passwords
The ideal use case for a passphrase is as the master password for a password manager. You need to type it from memory, potentially on unfamiliar devices. It must be long enough to be secure against offline attack if the vault file is ever stolen. And it must be something you will not forget even after a month without using it.
A five- or six-word random passphrase from the EFF list is the single best answer to all three requirements. NIST's 2017 guidelines explicitly recommend long passphrases over short complex passwords; the security community has largely converged on this position.
The XKCD comic's punchline was that we had been making passwords harder for humans while making them easier for computers. A random passphrase reverses that, and the math backs it up completely.
References
- Munroe, R. (2011). Password Strength. XKCD Comic #936. xkcd.com/936.
- Electronic Frontier Foundation. (2016). Deep Dive: EFF's New Wordlists for Random Passphrases. eff.org.
- NIST Special Publication 800-63B. (2017). Digital Identity Guidelines: Authentication and Lifecycle Management. National Institute of Standards and Technology.
- Bonneau, J., Herley, C., van Oorschot, P. C., & Stajano, F. (2012). The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. Proceedings of the 2012 IEEE Symposium on Security and Privacy.