https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
A passphrase is like a password, but longer and more secure. In essence, it’s an encryption key that you memorize. Once you start caring more deeply about your privacy and improving your computer security habits, one of the first roadblocks you’ll run into is having to create a passphrase. You can’t secure much without one.
Diceware passphrases are great for when you’re typing them into your computer to decrypt something locally, like your hard drive, your PGP secret key or your password database.
You don’t so much need them for logging into a website or something else on the Internet. In those situations, you get less benefit from using a high-entropy passphrase. Attackers will never be able to guess a trillion times per second if each guess requires communicating with a server on the Internet. In some cases, attackers will own or take over the remote server — in which case they can grab the passphrase as soon you log in and send it, regardless of how strong or weak it is cryptographically.