It’s not. This is an extremely widespread misconception and the xkcd on this is wrong.
Password cracking isn’t done by brute force. There are a ton of statistics involved that determine which patterns should be prioritized to hash and compare.
In a dictionary attack, 3 random words is a low-entropy sequence. This is because, while the entropy is high on a character-by-character basis, in a dictionary attack each word is a symbol, and 3 symbols is not a lot even though there are a lot of words in the dictionary.
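The gap between counting characters and counting words as symbols, as an added example that is not part of the original answer: a strength estimator that finds the cheapest parse of a passphrase into dictionary words and leftover characters. The sample wordlist, the 7,776-entry dictionary size and the lowercase-only alphabet are assumptions chosen for illustration.

```python
import math

# Constructed sample wordlist; a real estimator would load a full dictionary.
WORDS = {"correct", "horse", "battery", "staple", "cat", "dog", "sun"}
DICT_SIZE = 7776   # assumed number of words in the attacker's dictionary
CHARSET = 26       # assumed alphabet: lowercase letters only


def naive_bits(pw):
    """Per-character estimate: every character is an independent symbol."""
    return len(pw) * math.log2(CHARSET)


def token_bits(pw, words=WORDS, dict_size=DICT_SIZE):
    """Cheapest parse of pw where a dictionary word counts as one symbol.

    Returns (bits, tokens). Characters not covered by a word are charged
    as single random characters, so non-dictionary input degrades to the
    naive estimate.
    """
    word_cost = math.log2(dict_size)
    char_cost = math.log2(CHARSET)
    max_len = max(map(len, words))
    # best[i] holds (bits, tokens) for the cheapest parse of pw[:i]
    best = [(0.0, [])] + [None] * len(pw)
    for i in range(1, len(pw) + 1):
        bits, toks = best[i - 1]
        cand = (bits + char_cost, toks + [pw[i - 1]])  # single-character fallback
        for j in range(max(0, i - max_len), i):
            if pw[j:i] in words:
                bits, toks = best[j]
                alt = (bits + word_cost, toks + [pw[j:i]])
                if alt[0] < cand[0]:
                    cand = alt
        best[i] = cand
    return best[len(pw)]


if __name__ == "__main__":
    for pw in ("correcthorsebattery", "xqcat"):
        bits, toks = token_bits(pw)
        print(f"{pw}: naive {naive_bits(pw):.1f} bits, "
              f"word-symbol {bits:.1f} bits, tokens {toks}")
```
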