Passphrases in the style of XKCD 936 or Diceware have gained popularity, but are they secure enough and practical to use? They seem like a good compromise between security and memorability, but why did Bruce Schneier say using them is "no longer good advice"? This session investigates popular password generation schemes, and examines the characteristics that determine the passphrase strength. We will also review whether the average person finds these passphrases easier to use than passwords, and if they're practical to use in most cases.