by Aqueous 4484 days ago
What about a high entropy set of 4 words for the passphrase?

This should give you fairly decent security.

5 comments

According to the classic xkcd on this subject (https://xkcd.com/936/), 4 random common words provide 44 bits of entropy, which is easily crackable (you can do a hell of a lot more than 1000 guesses/sec).

Something that uses key stretching like WarpWallet might be acceptable: https://keybase.io/warp/

Right idea, but 4 is not enough.

  echidna:~ gwillen$ wc -l /usr/share/dict/words
    235886 /usr/share/dict/words
You get something like 17 bits of password strength per word, depending on the size of your dictionary. (The relevant xkcd estimates more like 11 -- which makes sense because /usr/share/dict/words has a lot of obscure words, shitty words, and alternate forms of words that you would probably exclude when generating a password.)

So if you want a passphrase that's secure against brute force, you'd want more like 7-12 words.

Not if those 4 words are in the dictionary. Crackers are definitely aware of this password generation technique and it isn't hard to run through 4 word combinations from a dictionary.

In the end, the best password right now is a 16+ character random password made up of uppercase letters, lowercase letters, numbers and symbols. Use a password manager to manage and store your passwords.

It depends on the size of your dictionary. If you want to run through all combinations of 4 words from a 131072 word dictionary you need to test 2^68 combinations.
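The entropy arithmetic the thread is arguing over (bits per word, bits per passphrase, and what a guess rate turns that into), as an added example that is not from any of the commenters. It assumes words are picked uniformly with replacement, a 94-symbol printable alphabet for the 16-character comparison, and an embedded, constructed stand-in for a real word list.

```python
import math
import secrets

# Bits of entropy for n_words chosen uniformly (with replacement) from a list
# of dict_size words: each word contributes log2(dict_size) bits.
def passphrase_bits(n_words: int, dict_size: int) -> float:
    return n_words * math.log2(dict_size)

# Bits of entropy for a random password of `length` characters drawn uniformly
# from alphabet_size symbols (94 = printable ASCII without the space).
def password_bits(length: int, alphabet_size: int) -> float:
    return length * math.log2(alphabet_size)

# Seconds to exhaust the whole keyspace at guesses_per_sec (worst case; the
# expected time for a uniformly chosen secret is half of this).
def exhaust_seconds(bits: float, guesses_per_sec: float) -> float:
    return 2.0 ** bits / guesses_per_sec

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def exhaust_years(bits: float, guesses_per_sec: float) -> float:
    return exhaust_seconds(bits, guesses_per_sec) / SECONDS_PER_YEAR

# Constructed sample list; a real generator would load something like
# /usr/share/dict/words (and the entropy depends only on the list length).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "echidna", "warp", "keybase", "entropy"]

def generate_passphrase(words, n_words: int = 4, sep: str = " ") -> str:
    # secrets.choice draws from the OS CSPRNG; random.choice is not suitable.
    return sep.join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    cases = [("xkcd: 4 words, 2048-word list", 4, 2048),
             ("4 words, 131072-word list", 4, 131072),
             ("7 words, /usr/share/dict/words (235886)", 7, 235886)]
    for label, n, d in cases:
        b = passphrase_bits(n, d)
        print(f"{label}: {b:.1f} bits; "
              f"{exhaust_years(b, 1e3):.3g} years at 1e3/s, "
              f"{exhaust_years(b, 1e12):.3g} years at 1e12/s")
    print(f"16 random chars from 94 symbols: {password_bits(16, 94):.1f} bits")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
```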

Use the name of a made-up music band (one you haven't heard of anywhere) and attach the current age of someone in your family: Merrytallica27

Simple enough to remember and harder to crack than most passwords in the world.

As long as it isn't "correcthorsebatterystaple."