The main difference between a passphrase and a password is that passwords do not have spaces. Passphrases are usually longer than a random string of letters and have spaces. But passphrases can also contain symbols. Although it might make it easier to remember, a passphases does not have to be a proper sentence or be grammatically correct.
Password Dragon offers 5 reasons why passphrases are better than passwords:
Passphrases are easier to remember than a random of symbols and letters combined together. It would be easier to remember a phrase from your favorite song or your favorite quotation than to remember a short but complicated password.
Passwords are relatively easy to guess or crack by both human and robots. The online criminals have also leveled up and developed state of the art hacking tools that are designed to crack even the most complicated password.
Satisfies complex rules easily. The use of punctuation, upper and lower cases in Passphrases also meets the complexity requirements for passwords.
Major OS and applications supports passphrase. All major OS including Windows, Linux and Mac allow pass-phrases of up to 127 characters long. Hence, you can opt for longer passphrases for maximum security.
Passphrases are next to impossible to crack because most of the highly-efficient password cracking tools breaks down at around 10 characters. Hence, even the most advanced cracking tool won’t be able to guess, brute-force or pre-compute these passphrases.
Four words should be sufficient. Five words is better.
Don’t choose from the most common words, and don’t choose quotes or sayings. The words should be as random as possible.
Use a unique passphrase for every account you own. That way, if one passphrase is ever exposed, the other accounts remain secure.
Even though Lastpass recommends using a passphrase for your Lastpass Master Password, the otherwise fully-featured password manager can't generate passphrases yet. You can use an online passphrase generator, but be careful to use one that doesn't log the generated passwords.