Are passphrases more secure than passwords?

Not inherently — both depend on entropy. A long passphrase of random words can match or exceed a short random password and is easier to remember and type.

How many words should a passphrase have?

Four to six randomly chosen words is a common, strong target. The key is random selection (e.g. Diceware), not a memorable phrase.

Why is "correct horse battery staple" used as an example?

It is from a well-known XKCD comic illustrating that four random words are both strong and far easier to remember than a short, gnarly password.

Password vs passphrase: which is actually stronger?

4 min readUpdated May 24, 2026

Both can be very strong — strength comes from entropy, not from looking scary. The real difference is the trade-off between density and memorability.

Random passworde.g. k7$Rm2#qZ

Passphrasee.g. correct-horse-battery-staple

	Random password	Passphrase
Entropy per character	High	Lower
Total length needed	Shorter	Longer
Memorability	Hard	Easier
Typing on mobile	Painful	Easier
Needs a manager	Usually	Often memorable
Best for	Manager-stored secrets	Passwords you must recall

It is all entropy

A random password packs lots of entropy into few characters. A passphrase of randomly chosen words packs less per character but makes up for it with length — four to six random words is plenty. Either way, the words or characters must be random: a favorite quote has almost no entropy.

Pick by how you will use it

For secrets a password manager stores and fills, a long random password is ideal — you never type it. For the handful you must remember (your manager’s master password, device login), a passphrase wins on memorability without sacrificing strength. Generate either in the Password Generator.

Crucial caveat: a passphrase is only strong if the words are chosen randomly (e.g. Diceware). "iloveyou123" is a passphrase in form but worthless in practice.

The verdict

Use a long random password for anything your manager stores and fills. Use a random-word passphrase for the few you must memorize. Both are strong when truly random — generate them in the Password Generator and read the password security guide.

Frequently asked questions

Are passphrases more secure than passwords?: Not inherently — both depend on entropy. A long passphrase of random words can match or exceed a short random password and is easier to remember and type.
How many words should a passphrase have?: Four to six randomly chosen words is a common, strong target. The key is random selection (e.g. Diceware), not a memorable phrase.
Why is "correct horse battery staple" used as an example?: It is from a well-known XKCD comic illustrating that four random words are both strong and far easier to remember than a short, gnarly password.

Try it yourself

Free, in-browser tools for everything above.

Password Generator

It is all entropy

Pick by how you will use it

The verdict

Frequently asked questions

Try it yourself

Go deeper