There have been plenty of research done about passwords but much less about passphrases. This page will be a reference page of academic papers about passphrases.
Effect of Grammar on Security of Long Passwords
- study on how password crackers can use grammar to reduce effort required to crack passphrases. (Alternate
). Yes, using grammar structure results in simpler phrases than just random words. But that does not effect the
reported in the Readable Passphrase Generator.
Correct horse battery staple - Exploring the usability of system-assigned passphrases
- study on usability of generated passphrases. They find, surprisingly, that passphrases aren't
that much easier to remember. Although my anecdotal experience says otherwise.
Of Passwords and People: Measuring the Effect of Password-Composition Policies
- not specificly about passphrases, but how additional complexity requirements (upper / lower
case, numbers, symbols, etc) affects password usability and entropy. They find a 16 character password with no restrictions is easier to create than an 8 character one requiring upper, lower, numbers and symbols. And the longer passwords have more entropy
as well. Although, they also found both complex 8 and simple 16 character passwords cause users more frustration and difficulty in making them up. I recommend generating passwords!