Passphrases generator should use nonsense / fake words and place digits in multiple locations

Or, use a random password. They have much better strength-for-a-given-length than passphrases or even squyd-phrases. The general rule is that if you need to remember and type it, use a passphrase; if you will only be auto-filling it, use a password.

The entire point behind passphrases is to make something easy to remember, easy to communicate and easy to type. This was most famously and most clearly explained by xkcd. Adding complexity (random upper, lower, digits, specials) to passphrases creates a secret that benefits nobody. In addition to being difficult to remember or type, it also is less “strong” than an equivalent length password.

Perhaps surprisingly, all of these have the same approximate strength (~64 bits of entropy) when generated randomly [cite]:

  • 20 digits [0-9]
  • 14 lowercase letters [a-z]
  • 11 letters of mixed cases and numbers [a-zA-Z0-9]
  • 10 ascii printable characters (letters, numbers, punctuation)
  • 5 diceware words
  • 4 word squyd-phrase (estimated)

By way of sample, which would you rather use? They are similarly strong.

  • 52546643449572466429
  • kvnxyznabgvwfw
  • f7XkFYX5mg5
  • aT@KTv$2"h
  • horse correct battery staple onion
  • Thdrifiester61-MATIESY-459Barrob-Ushiredunlity

A decent description of the “math” behind password strength (which we call “entropy”) can be found in this Wikipedia article.

As an aside, the greatest cause of passwords breaking comes from the use of punctuation in passwords. One can avoid this problem by using an alpha-numeric password that is 10% longer.
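To put numbers on the comparison above, here is an added example (not code from the original post or from any project it refers to). It computes the entropy of each generator style as length × log2(alphabet size), finds the shortest length that reaches 64 bits for each style (reproducing the 20/14/11/10/5 figures, and the "about 10% longer" trade of alphanumeric for printable), and draws samples with Python's CSPRNG-backed `secrets` module. The word list is a constructed stand-in; the entropy figure for Diceware uses the size of a standard 7776-word list.

```python
import math
import secrets
import string

# Symbol sets for the generator styles compared in the post.
ALPHABETS = {
    "digits": string.digits,                               # 10 symbols
    "lowercase": string.ascii_lowercase,                   # 26 symbols
    "alphanumeric": string.ascii_letters + string.digits,  # 62 symbols
    "printable": string.digits + string.ascii_letters + string.punctuation,  # 94
}
DICEWARE_WORDS = 7776  # size of a standard Diceware list (6**5)

# Constructed stand-in word list; real passphrases need the full 7776-word list.
SAMPLE_WORDS = ["horse", "correct", "battery", "staple", "onion", "anvil",
                "canvas", "ember", "fjord", "gravel", "harbor", "ingot"]


def entropy_bits(length, alphabet_size):
    """Entropy of `length` symbols drawn uniformly from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits, alphabet_size):
    """Fewest symbols needed to reach at least `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def strength_table(target_bits=64):
    """Length and resulting entropy for each style at the target strength."""
    sizes = {name: len(chars) for name, chars in ALPHABETS.items()}
    sizes["diceware"] = DICEWARE_WORDS
    table = {}
    for name, size in sizes.items():
        n = length_for_bits(target_bits, size)
        table[name] = (n, entropy_bits(n, size))
    return table


def generate_password(length, alphabet):
    """Uniform choice via `secrets` (a CSPRNG); never use `random` for secrets."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(word_count, words):
    return " ".join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    for name, (n, bits) in strength_table().items():
        print(f"{name:13s} {n:3d} symbols -> {bits:5.1f} bits")
    print(generate_password(11, ALPHABETS["alphanumeric"]))
    print(generate_passphrase(5, SAMPLE_WORDS),
          f"({entropy_bits(5, len(SAMPLE_WORDS)):.1f} bits with this tiny list)")
```

Note that the passphrase sample drawn from the twelve-word stand-in list carries only about 18 bits; the ~64-bit figure holds only with the full list.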