Rainbow tables, among other things.
Passphrases have a vulnerability many orders of magnitude greater than the ordinary passwords you are accustomed to using for your email accounts, online banking and such.  I won't go into the reasons here.
Passphrase strength is a function of entropy.  The concept of entropy can hardly even be applied to a passphrase generated by the human thought process.  Entropy applies to symbols (words, in this case) selected at random from a pool of such elements.
Taking diceware as an example, you have a pool of words (I think it's 7776) and select words from it randomly using dice throws.  There's some simple math you can use to calculate the number of bits of entropy you get by selecting x number of words from a pool of a certain size.  If you are serious at all about wanting to educate yourself, protect yourself and your money, then research this.  The information is all there, starting with a google search.
Using a random word selection process as described, you will know exactly how strong your passphrase is.  It is a function of the number of words in the pool, and the number of words in your passphrase.  Math doesn't lie, and it doesn't deceive you.
You can, however, deceive yourself if you imagine that selecting a passphrase through some flabby cognitive process has any rigor, strength or protective value.