Passphrase vs Password: Entropy and Security Explained

Understand the mathematics behind password entropy and learn when passphrases outperform traditional passwords. Includes entropy calculations, Diceware methodology, and practical recommendations.
The Entropy Problem: Why Most Passwords Fail
Every password has a measurable property called entropy: the number of bits of randomness that went into choosing it. Higher entropy means more candidates an attacker must try. A password with 50 bits of entropy has 2^50 (about 1.1 quadrillion) possibilities. At 1 billion guesses per second, exhausting that space takes roughly 13 days (an attacker expects to hit the right one in about half that time). At 80 bits, even a trillion guesses per second would take about 38,000 years.
The critical insight is that entropy depends on how the password was generated, not how it looks. "Tr0ub4dor&3" appears complex but has about 28 bits of entropy because it follows a predictable pattern (dictionary word + common substitutions + appended symbols). Meanwhile, "correct horse battery staple" — four random words — provides approximately 44 bits from a 2,048-word list or 52 bits from the EFF 7,776-word list.
Most password policies focus on character composition (uppercase, lowercase, digits, symbols) rather than actual entropy. This creates a false sense of security: "Summer2026!" satisfies every complexity requirement but falls to a dictionary attack in seconds.
How Password Entropy Is Calculated
For a truly random password, entropy equals log₂(C^L), where C is the character set size and L is the length. A 12-character password from a 95-character set (printable ASCII) has log₂(95^12) ≈ 79 bits. A 16-character password from the same set reaches about 105 bits.
For passphrases, entropy equals log₂(W^N), where W is the word list size and N is the number of words. Using the EFF large word list (7,776 words): 4 words give log₂(7776^4) ≈ 51.7 bits; 5 words give ≈ 64.6 bits; 6 words give ≈ 77.5 bits; 7 words give ≈ 90.5 bits.
This calculation assumes the attacker knows your generation method. If an attacker knows you used a 4-word Diceware passphrase, they face 7,776^4 ≈ 3.7 quadrillion combinations (about 2^51.7). This is the conservative, realistic measure: assume the worst case, where the attacker knows your exact method and word list but not your specific words.
- 8 random characters (a-z): log₂(26^8) ≈ 37.6 bits
- 4 Diceware words: log₂(7776^4) ≈ 51.7 bits
- 6 Diceware words: log₂(7776^6) ≈ 77.5 bits
- 12 random characters (a-z, A-Z, 0-9, symbols): log₂(95^12) ≈ 78.8 bits
- 8 Diceware words: log₂(7776^8) ≈ 103.4 bits
- 16 random characters (printable ASCII): log₂(95^16) ≈ 105 bits
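The formulas above, carried through in Python as an added example (this is not code from the original article). Everything is log₂ arithmetic over the character-set and word-list sizes the text uses, plus the guess rates from the opening section. The "season + year + symbol" attacker model for Summer2026! is an assumption added here to show why a composition policy overestimates such a password; the counts in it are illustrative, not measured.

```python
import math

# Guess rates used for the worked numbers in the text. Assumption: an offline
# attacker against a fast hash; real rates depend on the hash and hardware.
BILLION_PER_SEC = 1e9
TRILLION_PER_SEC = 1e12
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def bits_random_password(charset_size, length):
    """Entropy of a uniformly random string: log2(C^L) = L * log2(C)."""
    return length * math.log2(charset_size)


def bits_passphrase(wordlist_size, n_words):
    """Entropy of a passphrase drawn uniformly from a word list: log2(W^N) = N * log2(W)."""
    return n_words * math.log2(wordlist_size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate in a 2^bits space (worst case for the attacker)."""
    return 2.0 ** bits / guesses_per_second


def expected_seconds_to_crack(bits, guesses_per_second):
    """Expected time to find the right candidate: half the exhaustive search."""
    return seconds_to_exhaust(bits, guesses_per_second) / 2


def words_to_match(target_bits, wordlist_size):
    """Smallest word count whose passphrase entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def bits_from_guess_space(*factors):
    """Entropy of a password built from independent choices: log2 of the product of the
    choice counts. This is what an attacker who knows the *pattern* actually searches."""
    return math.log2(math.prod(factors))


# Constructed attacker model for Summer2026!-style passwords: 4 seasons, ~100 plausible
# years, ~32 trailing symbols. Assumed counts for illustration only.
SEASON_YEAR_SYMBOL_BITS = bits_from_guess_space(4, 100, 32)

# The same password as a composition-based policy sees it: 11 printable-ASCII characters.
NAIVE_SUMMER2026_BITS = bits_random_password(95, len("Summer2026!"))

if __name__ == "__main__":
    print("12 random printable chars: %.1f bits" % bits_random_password(95, 12))
    print("6 Diceware words:          %.1f bits" % bits_passphrase(7776, 6))
    print("50 bits at 1e9/s:          %.1f days" % (seconds_to_exhaust(50, BILLION_PER_SEC) / 86400))
    print("80 bits at 1e12/s:         %.0f years" % (seconds_to_exhaust(80, TRILLION_PER_SEC) / SECONDS_PER_YEAR))
    print("words to beat 105 bits:    %d" % words_to_match(105, 7776))
    print("Summer2026! naive/pattern: %.1f vs %.1f bits" % (NAIVE_SUMMER2026_BITS, SEASON_YEAR_SYMBOL_BITS))
```

The gap between the last two numbers is the whole point of the section: the policy-based count is near 72 bits, the attacker's actual search under the assumed pattern is under 14.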
The Case for Passphrases
Passphrases offer a unique advantage: they trade character-level complexity for length, achieving high entropy while remaining memorable and typeable. A six-word passphrase like "monarch-fabric-eleven-radar-canopy-walrus" has approximately 78 bits of entropy — matching a random 12-character password — but is far easier for a human to remember and type correctly.
The memorability factor is not just convenience; it is a security advantage. When passwords are hard to remember, users write them down insecurely, reuse them across sites, or fall back on predictable patterns. A passphrase you can actually remember without external aids is one you will type correctly, are far less tempted to reuse, and rarely need to reset.
Passphrases also offer some resistance to shoulder-surfing. An observer who watches you type "k9$mP#2xLw" once can often retain it, while six words typed quickly are more to hold in working memory. Treat this as a minor benefit rather than a defence: a determined observer, or a camera, will capture either.
The Diceware method, originally developed by Arnold Reinhold in 1995, uses physical dice rolls to select words from a numbered list. Each die roll is truly random — no computer algorithm needed. The EFF updated the word list in 2016 to use only common, easy-to-spell English words, making the resulting passphrases more practical.
The Case for Random Passwords
Random character passwords pack more entropy per character than passphrases do per word. A 16-character random password from the full printable ASCII set provides about 105 bits of entropy; you would need eight Diceware words to come within two bits of that and nine to exceed it, and either is a much longer string to type.
For accounts managed by a password manager (where you never type the password manually), random character passwords are strictly superior. The password manager handles generation, storage, and auto-fill, so memorability is irrelevant. You can use 20, 30, or even 64-character random strings with zero effort.
Random passwords are also more compact, which matters in systems with low maximum password length limits. Some legacy systems cap passwords at 16 or even 8 characters, and some silently truncate rather than reject longer input, so a long passphrase may be weaker than it looks. In those constrained environments, maximizing entropy per character with a random password is essential.
The key disadvantage of random passwords is that they are essentially impossible to memorize. If you lose access to your password manager, recovery depends entirely on your backup strategy. This makes random passwords inappropriate for your master password or any credential you must enter from memory.
When to Use Each Approach
Use passphrases for: your password manager master password (the one password you must memorize); computer login passwords (typed frequently from memory); full-disk encryption passwords (entered at boot, before your password manager is available); and any credential where you cannot rely on auto-fill. Phone unlock codes are a special case: a random 6-8 digit PIN carries only about 20-27 bits and is acceptable only because the device rate-limits or wipes after failed attempts; where the device allows an alphanumeric unlock code, a short passphrase is the stronger choice.
Use random character passwords for: all accounts stored in your password manager; API keys and tokens; service accounts; database passwords; and any credential that will be copy-pasted or auto-filled rather than typed from memory.
For maximum security, combine both approaches: a strong passphrase as your master password (protecting access to the manager) and unique random passwords for every individual account (generated and managed by the password manager). This layered approach gives you the memorability of passphrases where you need it and the maximum entropy of random passwords everywhere else.
Strengthening Your Passphrase
Start with a minimum of 5 words for personal accounts and 6-7 words for high-value targets. Use the EFF large word list or an equivalent list with at least 7,776 entries to ensure each word contributes approximately 12.9 bits of entropy.
Consider adding one or two modifications: capitalize a random word, insert a digit between two words, or use an unusual separator character. For example, "monarch Fabric 11 radar-canopy-walrus" adds a few bits of entropy without significantly hurting memorability. The gain is real only if the choice is itself random: capitalizing one of six words selected by dice adds log₂(6) ≈ 2.6 bits, and a random digit at a random word boundary adds log₂(10 × 5) ≈ 5.6 bits, while always capitalizing the first word adds nothing, because an attacker can assume it. Compare that with the 12.9 bits of simply adding a seventh word. Do not over-modify; the strength comes from word count and randomness, not from clever tricks.
Never select words yourself. Human word selection is heavily biased toward common words, associated concepts, and culturally influenced choices. Always use dice or a cryptographic random number generator. If you think you are picking words randomly, you are almost certainly not — decades of research confirm that humans are poor random generators.
- Minimum 5 words for standard accounts, 6-7 for critical ones
- Use dice or a CSPRNG — never pick words manually
- Add at most one small modification (capitalization, digit, separator), with its position chosen at random
- Use a word list with 7,776+ entries (EFF Diceware)
- Practice typing until you develop muscle memory
- Store a written backup in a physically secure location until memorized
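The Diceware procedure described above and the checklist it ends with, as an added Python example that is not part of the original article. It draws dice rolls from the OS CSPRNG (the secrets module) instead of physical dice, maps each five-roll key to a list index exactly as a printed Diceware list does, and quantifies what a random capitalization or inserted digit adds compared with one more word. The file name eff_large_wordlist.txt and the placeholder list used when that file is absent are assumptions; with the real EFF file beside the script, the output is a usable passphrase.

```python
import math
import secrets

DICE_PER_WORD = 5                          # five d6 rolls per word, as in Diceware
WORDLIST_SIZE = 6 ** DICE_PER_WORD         # 7776 entries, the EFF large list size
BITS_PER_WORD = math.log2(WORDLIST_SIZE)   # ~12.925 bits per uniformly chosen word


def roll_dice(n):
    """n fair d6 rolls from the OS CSPRNG, as a digit string such as '35214'.
    secrets.randbelow(6) is unbiased; never use random.randint for this."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n))


def rolls_to_index(rolls):
    """Map a five-digit dice key to a 0-based list index: '11111' -> 0, '66666' -> 7775.
    The key is read as a base-6 number whose digits 1..6 stand for 0..5."""
    if len(rolls) != DICE_PER_WORD or any(c not in "123456" for c in rolls):
        raise ValueError("dice key must be exactly five digits in 1..6")
    index = 0
    for c in rolls:
        index = index * 6 + (int(c) - 1)
    return index


def index_to_rolls(index):
    """Inverse of rolls_to_index; useful for finding a word in a printed list."""
    if not 0 <= index < WORDLIST_SIZE:
        raise ValueError("index out of range")
    digits = []
    for _ in range(DICE_PER_WORD):
        index, r = divmod(index, 6)
        digits.append(str(r + 1))
    return "".join(reversed(digits))


def load_wordlist(path="eff_large_wordlist.txt"):
    """Load the EFF large list (lines of 'rolls<TAB>word') from an assumed path. If the
    file is missing, fall back to a constructed placeholder list of the same size so the
    example runs offline; placeholder words are not memorable and exist only for testing."""
    try:
        with open(path, encoding="utf-8") as fh:
            words = [line.split()[1] for line in fh if line.strip()]
        if len(words) == WORDLIST_SIZE:
            return words
    except OSError:
        pass
    return ["w" + index_to_rolls(i) for i in range(WORDLIST_SIZE)]


def diceware_words(n_words, wordlist):
    """Pick n_words by simulated dice rolls. Each word is an independent uniform draw,
    so the entropy is exactly n_words * BITS_PER_WORD whatever the words turn out to be."""
    if len(wordlist) != WORDLIST_SIZE:
        raise ValueError("word list must have exactly %d entries" % WORDLIST_SIZE)
    return [wordlist[rolls_to_index(roll_dice(DICE_PER_WORD))] for _ in range(n_words)]


def passphrase_bits(n_words):
    """Entropy of an unmodified Diceware passphrase."""
    return n_words * BITS_PER_WORD


def capitalize_random_word(words):
    """Capitalize one word selected by the CSPRNG. Returns (new_words, bits_added).
    The added bits are log2(len(words)) only because the position is random."""
    i = secrets.randbelow(len(words))
    out = list(words)
    out[i] = out[i].capitalize()
    return out, math.log2(len(words))


def insert_random_digit(words):
    """Insert a random digit 0-9 at a random boundary between two words.
    Adds log2(10 * (len(words) - 1)) bits: about 5.6 bits for six words."""
    if len(words) < 2:
        raise ValueError("need at least two words to have a boundary")
    boundary = secrets.randbelow(len(words) - 1) + 1   # 1 .. len(words)-1
    digit = str(secrets.randbelow(10))
    return words[:boundary] + [digit] + words[boundary:], math.log2(10 * (len(words) - 1))


if __name__ == "__main__":
    wl = load_wordlist()
    words = diceware_words(6, wl)
    words, extra = capitalize_random_word(words)
    print("-".join(words))
    print("entropy: %.1f bits (+%.1f from capitalization; a seventh word would add %.1f)"
          % (passphrase_bits(6), extra, BITS_PER_WORD))
```

The index mapping is the part worth checking by hand against a printed list: 11111 is the first entry and 66666 the last, and every key in between is a base-6 number, which is why five dice give exactly 7,776 words and 12.9 bits each.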
The Bottom Line
Both passphrases and random passwords can provide excellent security when used correctly. The choice depends on context: passphrases for human memory, random passwords for machine management. The worst choice is a "compromise" password that is neither fully random nor a proper passphrase — something like "Monkey123!" that a human chose because it seemed "strong enough."
Whatever method you use, the single most important factor is uniqueness. A perfect passphrase reused across three sites is far less secure than three mediocre but unique passwords. Combined with a password manager and multi-factor authentication, either approach will protect your accounts against the vast majority of real-world attacks.
What to Do Next with a Strong Password?
A strong password is just the first step. To truly protect your accounts, you need a reliable password manager that stores, auto-fills, and syncs your credentials across all devices.
We compared the most popular password managers in 2026 to help you make the right choice.
NordPass stands out with its zero-knowledge XChaCha20 encryption, built-in passkey support, and the most intuitive interface among premium managers.
| Feature | NordPass | 1Password | Bitwarden Free |
|---|---|---|---|
| Price/mo | $1.49/mo | $2.99/mo | $0 |
| Devices | Unlimited | Unlimited | Unlimited |
| Passkeys | Yes | Yes | No |
| Breach scanner | Yes | Yes | No |
| 2FA built-in | Yes | Yes | Yes |
| Secure sharing | Yes | Yes | Limited |
| Auto-fill | Yes | Yes | Yes |
This is an affiliate link. If you make a purchase, I may earn a commission — this helps keep the site free.