Perhaps first we should ask "What is a passphrase?" Wikipedia may say it best:
A passphrase is a collection of 'words' used for access control, typically used to gain access to a computer system. (1)
Passphrases were first proposed in 1981 by Sigmund Porter (6). Passphrases are distinguished from passwords by being composed of several words separated by spaces (2). Passphrases can satisfy even stringent security requirements while being easier for users to remember (3). It’s this combination of complexity and ease of remembrance that makes passphrases a good part of a password policy.
Our decision to use passphrases included another reason. By using passphrases when a user’s account is set up, we hoped to set an example to our users to use passphrases as well. We hoped that users would follow our example and choose passphrases they could remember easily, and that would be more than their dog’s name concatenated with a number 1. As a precedent, I cited that AOL has for years used multiple-word passphrases as the login associated with all those floppies and CDs they send out. PGP and its variants also require using secure passphrases as your private key.