Follow

I don't believe this is correct.

If enough people use 3-4 word phrases, brute force attackers will specifically adapt to this.

Assuming a lexicon of 20,000 words (average native speaker) you get 20,000 ^ 4 permutations or 1.6e+17

Assuming 68 alpha numeric characters (lower, upper, digits, 10 symbols) you only need 10 characters to surpass this (68^10 or 2.1e+18)