
Passphrase Generator · 5 min read

Passphrases for Everyone: When Memorable Beats Random

Random passwords belong in a password manager. Passphrases belong in your head. Here is when to use each, and why a few memorable strings still matter.

The standard advice — "use a password manager, generate random 20-character passwords for everything" — is correct, and also incomplete. There are at least three or four passwords in your life that you cannot store in a manager, because the manager itself is locked behind one of them. For those, randomness alone is not enough; the password also has to fit in your head. That is what passphrases are for.

The Passwords You Have to Memorise

Almost everyone's threat model has the same handful of memorise-or-lose-everything credentials:

  • The master password for your password manager.
  • Your primary email account password (since email controls account recovery for everything).
  • Your computer's login or full-disk encryption password.
  • Your phone's unlock code or backup PIN.

For these four, "just generate something random and store it" doesn't work — there is no manager to store them in, or the manager itself is what you are trying to unlock. They have to be strong, and they have to be memorable. A passphrase is the only mainstream construction that does both.

Why Words Win for Memory

Human memory is built for meaning. We retain narratives, images, and rhythms; we forget arbitrary character sequences within minutes. Bonneau and Schechter's 2014 study at Microsoft Research showed that participants could reliably recall 56-bit passwords only if they were allowed to memorise them in chunks over several sessions. Random passwords above ~50 bits had measurable failure rates.

Passphrases short-circuit the problem. tractor-village-skylight-cobalt-meadow is roughly 65 bits of entropy, and after rehearsing it three or four times most people remember it indefinitely. That is the trick: words pack a lot of entropy per memorable unit.

The Generation Rules That Actually Matter

A passphrase is only as strong as its generation method. The non-negotiables:

  • Use a real random source. A dice roll or a CSPRNG. Don't pick the words yourself — humans cluster around "interesting" words and an attacker can model that.
  • Use a published word list. The EFF's 7,776-word list is the standard. The math (~12.9 bits per word) only works if attackers know the list — which they do — and have to search the whole space.
  • Don't edit the output. Reroll if you don't like a word. Don't swap one for a synonym, don't reorder for "flow". Both reduce entropy.
  • Pick enough words. Five for medium-stakes accounts, six or seven for master passwords and disk encryption.
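The four rules above reduce to a short program, and the entropy figures quoted in this article fall out of one formula. The following is an added example written for this article, not the site's own generator. It assumes a one-word-per-line list such as the EFF large list (loaded from a local path you supply); a small constructed list is embedded so the code runs offline, and the entropy accounting is honest about that list's size. It also goes slightly beyond the text by computing the entropy of a random character password for comparison with the later section.

```python
"""Passphrase generation and entropy accounting (added example)."""
import math
import secrets

# Constructed stand-in for a real word list so the example runs offline.
# For real use, load the EFF large list (7,776 words) with load_wordlist().
DEMO_WORDLIST = [
    "tractor", "village", "skylight", "cobalt", "meadow", "lantern",
    "harbor", "quartz", "saddle", "willow", "canyon", "pebble",
    "orchard", "glacier", "thimble", "compass",
]
EFF_LARGE_LIST_SIZE = 7776  # 6**5: one word per five-dice outcome


def load_wordlist(path):
    """Read a word list, tolerating the EFF "11111<TAB>word" layout."""
    with open(path, encoding="utf-8") as fh:
        words = [line.split()[-1] for line in fh if line.strip()]
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates; entropy math would be wrong")
    return words


def entropy_bits(num_words, list_size):
    """Entropy of num_words words drawn uniformly (with replacement) from list_size.

    Separators, capitalisation and fixed suffixes are deliberately not
    counted: an attacker who knows the scheme gets them for free.
    """
    return num_words * math.log2(list_size)


def char_password_bits(length, alphabet_size):
    """Entropy of a uniformly random character password (for comparison)."""
    return length * math.log2(alphabet_size)


def dice_to_index(rolls):
    """Map five d6 rolls (each 1..6) to a 0..7775 index, Diceware style."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("Diceware uses exactly five rolls, each 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def roll_dice(count=5):
    """Simulate physical dice with the OS CSPRNG (never the random module)."""
    return tuple(secrets.randbelow(6) + 1 for _ in range(count))


def generate_passphrase(num_words, wordlist=None, separator="-"):
    """Pick num_words words with secrets.choice and join them unchanged.

    No rerolling for taste and no editing of the output happens here; if a
    caller dislikes the result, the correct move is to call this again.
    """
    words = DEMO_WORDLIST if wordlist is None else wordlist
    if num_words < 1:
        raise ValueError("need at least one word")
    return separator.join(secrets.choice(words) for _ in range(num_words))


def describe(num_words, list_size=EFF_LARGE_LIST_SIZE):
    """Human-readable entropy summary for a given word count and list size."""
    bits = entropy_bits(num_words, list_size)
    return f"{num_words} words from {list_size}: {bits:.1f} bits"


if __name__ == "__main__":
    print(generate_passphrase(5))            # from the constructed demo list
    print(describe(5, len(DEMO_WORDLIST)))   # honest: only 20 bits for 16 words
    print(describe(5))                       # ~64.6 bits with the EFF list
    print(describe(6))                       # ~77.5 bits with the EFF list
    print(f"20 random printable ASCII chars: {char_password_bits(20, 94):.1f} bits")
    rolls = roll_dice()
    print(f"dice {rolls} -> list index {dice_to_index(rolls)}")
```

With the real list, `words = load_wordlist("eff_large_wordlist.txt")` and `generate_passphrase(6, words)` produce the ~77-bit master secret the article recommends; `dice_to_index` is there so the same list can be indexed from physical dice when you would rather not trust a machine for the master password.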

When Random Passwords Are Still Better

Inside a password manager, every password should be machine-generated random characters at maximum allowed length. You will never type these — the manager autofills them — so memorability is irrelevant and density wins. A 20-character random password packs more entropy into less space than the equivalent passphrase, and saves clicks when a site has a 32-character cap.

Don't use a passphrase for your bank's online login if your manager handles it. Save the passphrases for the slots where you genuinely need to type the secret from memory.

Practical Capitalisation and Separators

From an entropy standpoint, separators and capitalisation are decoration. correct horse battery staple and CorrectHorseBatteryStaple have the same word-level entropy. But some sites still enforce the "must contain uppercase / digit" composition rules NIST asked them to drop in 2017. A reasonable compromise:

  • Use hyphens or spaces between words for readability when typing on mobile.
  • If a site demands a digit and a symbol, append a fixed suffix like -2!. The suffix adds no real entropy against a smart attacker, but it satisfies the form.
  • Don't scatter capitals through the passphrase to "strengthen" it. The strengthening is illusory and you will mistype it.

The Default You Should Adopt

Pick a 6-word EFF passphrase for your password manager. Pick another for full-disk encryption. Use the password manager for everything else. That is the entire system. It gives you ~77 bits on the two secrets that matter most, removes the cognitive load on the hundreds that don't, and stops being something you have to think about.

References

  1. Grassi, P. A., Garcia, M. E., & Fenton, J. L. (2017). NIST Special Publication 800-63B: Digital Identity Guidelines. National Institute of Standards and Technology.
  2. Bonneau, J. & Schechter, S. (2014). Towards Reliable Storage of 56-bit Secrets in Human Memory. USENIX Security Symposium.
  3. Reinhold, A. (1995). The Diceware Passphrase Home Page. World Wide Web publication.
  4. Bonneau, J. & Gage, J. (2016). Deep Dive: EFF's New Wordlists for Random Passphrases. Electronic Frontier Foundation.