Password vs passphrase

A classic password bets on odd characters in little space ("Xj9$mK2!"); a passphrase bets on several random words ("horse-battery-staple-correct"). What matters against an attack is entropy — the bits of randomness — and there a long passphrase usually beats a short password, while also being easier to remember.

AspectContraseñaFrase
Typical entropy~52 bits (8 chars)~77 bits (6 words)
MemorableNoYes
Easy to typeNoYes
Ideal with a managerYesOptional
Brute-force resistanceDepends on lengthHigh with 5+ words

When to use Contraseña

Use a random password when a manager stores it for you and there is a length limit: maximum entropy per character in the least space.

When to use Frase

Use a passphrase when you must type or remember it (team login, encrypted disk, manager master key): 5-6 random words give huge entropy and type without errors.

In short: For machines, a long random password. To memorize, a passphrase. In both cases the key is that the randomness is cryptographic (Web Crypto), not words that merely "look random".

Tools for this