Such a password scheme provides much less than 44 "bits" of entropy. Considering the use of 4 randomly chosen words from the c.170000 English words in general use, means we can guess the passphrase in around 2^22 tries - even less than "Tr0ub4d0r3&".
EDIT: I'm totally wrong, it's more like 2*10^22 ... oops!
Assuming the attacker knows the password creation method (and the math assumes the attacker does in the first case), then the attacker knows the word list and the passphrase algorithm.
11 bits per word gives you a grab bag of 2048 possible common words. To guess the password, assuming each word is unique, the attacker needs to try
2048 * 2047 * 2046 * 2045 = 17,540,692,561,920
possible combinations. Initially, you'd think an eleven character password with totally random uppercase, lowercase, numbers and symbols would give you 66 ^ 11 combinations for 66 bits of entropy, but since nobody can actually remember such a random combination, the resulting passwords using these rules are much less secure than that.
Wouldn't you first have to know that the passphrase consists of four randomly chosen words (e.g. not three, five, or eight)? To me, that's the underlying strength of the approach that the comic (!) is trying to highlight.
Err, yes thanks. I was trying to emphasise the fact that the multiplier of entropy is not the "bit", but the "word" (in the linguistic, rather than the computer architecture sense).
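Added example, not part of any comment in this thread: the search-space arithmetic the comments above discuss for the list sizes they mention (2048 and 170000), plus a measure of how much an unknown word count adds when the attacker simply tries shorter passphrases first. The function names and the 2048-entry stand-in word list are constructed for illustration.

```python
import math
import secrets

def bits_with_replacement(list_size, words):
    """Entropy in bits when each word is drawn independently from the list."""
    return words * math.log2(list_size)

def bits_without_replacement(list_size, words):
    """Entropy in bits when the words must all be different (ordered draw)."""
    return math.log2(math.perm(list_size, words))

def guesses_up_to(list_size, max_words):
    """Guesses needed to exhaust every passphrase of 1..max_words words."""
    return sum(list_size ** k for k in range(1, max_words + 1))

def length_secrecy_bits(list_size, words):
    """Extra bits gained if the attacker does not know the word count
    and works through all shorter lengths before reaching `words`."""
    return math.log2(guesses_up_to(list_size, words)) - bits_with_replacement(list_size, words)

def generate(wordlist, words=4):
    """Pick words uniformly with a CSPRNG; the entropy figures only hold for this."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))

# Constructed stand-in for a real 2048-word list (11 bits per word).
SAMPLE_WORDLIST = [f"word{i:04d}" for i in range(2048)]

if __name__ == "__main__":
    for size in (2048, 170000):
        print(f"list of {size}: 4 words = {size ** 4:.3e} combinations, "
              f"{bits_with_replacement(size, 4):.2f} bits")
    print(f"2048 list, 4 distinct words: {math.perm(2048, 4):,} combinations, "
          f"{bits_without_replacement(2048, 4):.3f} bits")
    print(f"unknown length, 4 words from 2048: "
          f"+{length_secrecy_bits(2048, 4):.5f} bits")
    print("sample:", generate(SAMPLE_WORDLIST))
```
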