Passphrases vs Random Passwords — Which Should You Use, and When?

"correct horse battery staple" versus "xK9#mQ2$vLp7!wTz" — the internet has argued about this for over a decade. The truth is that the argument has a clean resolution: they are tools for different jobs. This post lays out the honest math for both, the threat models that decide which one matters, and the hybrid strategy nearly every security professional actually uses.

Diceware Passphrases: ~12.9 Bits Per Word, and Memorable

A diceware passphrase is a sequence of words picked uniformly at random from a fixed list of 7,776 words. Because the choice is random, each word contributes exactly log2(7776) ≈ 12.9 bits of entropy — no matter how short or common the word is:

4 words ≈ 51.7 bits   e.g. "lunar-carpet-hazard-tulip"
5 words ≈ 64.6 bits   e.g. "onion-drift-saber-plaza-mocha"
6 words ≈ 77.5 bits   e.g. "ferry-cactus-nylon-orbit-squad-lava"
7 words ≈ 90.4 bits

The superpower is memorability. Six random words form absurd little images your brain holds onto after a few days of typing; sixteen random symbols never will. Passphrases are also far easier to type correctly on a phone keyboard, and easier to read out when you must (WiFi passwords, for instance).

The critical caveat: the entropy comes from the dice, not the words. A phrase you composed yourself — song lyrics, "MyDogLovesCricket", a sentence about your city — follows grammar and personal facts that cracking tools model directly. Self-invented phrases are worth a fraction of the bits the length suggests.

Random Strings: Denser, But They Need a Manager

A generated random password packs 5.95-6.55 bits into every character:

12 chars (62-char pool) ≈  71.4 bits
16 chars (62-char pool) ≈  95.3 bits
16 chars (94-char pool) ≈ 104.9 bits
20 chars (94-char pool) ≈ 131.0 bits

Compare: a 6-word diceware phrase is ~30 characters
for 77.5 bits — the random string reaches that in 12-13 chars.

Density matters when a site imposes a length cap, and it means maximum strength with zero thought. The trade-off is total unmemorability — random strings only work alongside a password manager that stores and autofills them. That is not a weakness; it is the design. You should not be memorising site passwords at all.

Threat Models: Online Throttled vs Offline Cracking

How strong is "strong enough"? It depends on what the attacker can do:

  • Online guessing (throttled) — the attacker submits guesses to the live login form. Rate limiting, lockouts, and CAPTCHAs cap them at perhaps hundreds of guesses per day. Even ~40 bits survives this for centuries. Almost any non-dictionary password defeats online guessing.
  • Offline cracking — the attacker has stolen the hash database and guesses locally at GPU speed: billions per second against fast hashes, tens of thousands per second against bcrypt/Argon2. This is where entropy really matters, and where 75+ bits becomes the sensible target.

Your password manager vault is the ultimate offline target: if someone steals the encrypted vault file, the only thing between them and every password you own is the master password and the vault's key-derivation function. That is why the master password deserves the most entropy of anything you memorise.

The Hybrid Strategy: Passphrase Master, Generated Everything Else

The resolution to the debate:

  • Memorised secrets → passphrases. Password manager master password, computer login, disk encryption. You need 3-5 of these in your life, and 6-word diceware handles each.
  • Everything else → generated random strings. Unique 16+ characters per site, stored in the manager, autofilled. You never see them, so density beats memorability.

This gets you the best of both: human memory is only asked to hold a handful of memorable-by-design phrases, and the hundreds of site passwords get maximum entropy and, crucially, uniqueness — which protects you from credential stuffing, the most common account-takeover attack of all (see common password attacks).

How to Actually Do Diceware

  1. Get the word list — the EFF Large Wordlist (7,776 words) is the modern standard; search "EFF diceware wordlist" and save the text file.
  2. Roll five physical dice (or one die five times). Read the digits in order — e.g. 4, 2, 6, 1, 3 → 42613.
  3. Look up 42613 in the list to get your first word.
  4. Repeat until you have six words. Do not reroll words you dislike — rejecting outcomes leaks entropy.
  5. Join with a separator you'll remember: ferry-cactus-nylon-orbit-squad-lava.
  6. Practise typing it for a week with a paper backup in a safe place; destroy the paper once it is truly memorised.

No dice handy? A generator that uses the browser's cryptographic randomness (crypto.getRandomValues) is equivalent. What does not count: picking words yourself, or using an online tool that generates server-side where the phrase could be logged.

Frequently Asked Questions

Are passphrases as secure as random passwords?

A 6-word diceware passphrase carries about 77.5 bits of entropy — less dense than a 16-character random string (~104 bits) but still far beyond practical cracking when hashed with a modern KDF. The passphrase wins where you must remember the secret; the random string wins where a password manager stores it.

What is diceware?

Diceware is a method for generating passphrases by rolling five dice per word and looking up the result in a standard list of 7,776 words. Because every word is chosen uniformly at random, each word contributes log2(7776) ≈ 12.9 bits of entropy.

Should my master password be a passphrase?

Yes. The master password is the one secret you cannot store in a manager, so it must be both strong and memorable — exactly what a 6+ word diceware passphrase provides. Every other password should then be randomly generated and stored in the manager.

Try the Free Password Generator

Generate cryptographically secure random passwords locally in your browser — nothing leaves your device. No signup, no cost.

Related articles