Passphrase? Cracking it is called a dictionary attack; it's what almost every password cracking attempt uses anyway. It's just a list of words run against the password, and can be rather easy to crack. SAFE passwords are long enough series of random letters, numbers and symbols, something an attempt would have to brute force character by character and thus wouldn't have much of a chance of getting. $57*ghU^61@nm is a far safer password than "Correct Horse Staple Battery", which would easily be crackable in a reasonable timeframe.
Unfortunately $57*ghU^61@nm is friggen hard to remember. Maybe it's time to find convenient and cheap biometric scanners.
I think you misunderstand. A brute-force attack on a password is "just" a dictionary attack using letters and symbols as your dictionary instead of English words. There are realistically 26 lower case letters, 26 upper case letters, 10 digits, around 32 symbols, and space (just looking at my keyboard), giving us a set of about 95 to compose our passwords from. According to Oxford Dictionaries there are around 171,476 words in current usage. Even if you constrain to what the average person knows, you've got anywhere from 12,000 to 60,000 words depending on who you trust for those kinds of statistics. Want to include your below average person? If XKCD is to be judged, you can still communicate somewhat by limiting yourself to the 1000 most used words. That ignores capitalization variations, so it assumes the attacker knows you only capitalize the first word of the sentence (or whatever your personal rule is). That actually puts a six word passphrase using a vocabulary of 1000 words as harder to brute force than an eight character password.
Passphrases of equivalent length are easier to remember because we're trained to think in sentences, not letters. You can also use visualization techniques, as XKCD suggests, because we associate images with many words, not so much with letters. The biggest problem with passphrases is sites that put an upper limit on passwords, so we're forced to come up with passphrases that operate as mnemonics for passwords, but then that limits our pool of characters in our password (unless you know a word that begins with the letter %).
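The keyspace comparison in the reply above, worked through as an added example (not part of either post). It assumes every character or word is chosen uniformly at random and that the attacker knows the scheme and the word list; the function names and the short demo word list are constructed for illustration.

```python
import math
import secrets

CHARSET_SIZE = 95  # letters, digits, symbols and space, as counted in the reply

# Vocabulary sizes quoted in the reply
VOCABULARIES = {
    "1000 most used words": 1_000,
    "average person, low estimate": 12_000,
    "average person, high estimate": 60_000,
    "Oxford, current usage": 171_476,
}

def keyspace(symbols: int, length: int) -> int:
    """Count of equally likely secrets: `length` independent picks from `symbols` options."""
    return symbols ** length

def entropy_bits(symbols: int, length: int) -> float:
    """Same quantity expressed in bits (log2 of the keyspace)."""
    return length * math.log2(symbols)

def words_needed(vocab_size: int, password_length: int, charset: int = CHARSET_SIZE) -> int:
    """Smallest word count whose keyspace is at least that of a random
    password of `password_length` characters (exact integer arithmetic)."""
    target = keyspace(charset, password_length)
    n = 1
    while keyspace(vocab_size, n) < target:
        n += 1
    return n

def generate_passphrase(wordlist: list[str], n_words: int) -> str:
    """Pick words with a CSPRNG; the figures above hold only for uniform random
    selection, not for a phrase a person thinks up."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

if __name__ == "__main__":
    print(f"8 random chars : {keyspace(CHARSET_SIZE, 8):.3e} ({entropy_bits(CHARSET_SIZE, 8):.1f} bits)")
    print(f"6 of 1000 words: {keyspace(1000, 6):.3e} ({entropy_bits(1000, 6):.1f} bits)")
    for label, size in VOCABULARIES.items():
        print(f"{label:30s} words to match 8 chars: {words_needed(size, 8)}, "
              f"13 chars: {words_needed(size, 13)}")
    # Constructed demo list; a real list would hold the full vocabulary.
    demo_words = ["anchor", "breeze", "cactus", "dynamo", "ember", "fjord", "gravel", "harbor"]
    print("sample:", generate_passphrase(demo_words, 6))
```

With a demo list of only 8 words the sample phrase carries just 18 bits; the keyspace depends on the size of the list the words are drawn from, not on how long the phrase looks.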