On that “strong password” debate

Seems like XKCD generated a new round of Twitter talk about what a strong password should be. The argument basically boils down to: choose a passphrase instead of a short complex password, as it will be stronger and easier to remember.

This is, in my opinion, incredibly naive.

First of all, the XKCD comic is true only if:

  • everybody creates passwords the exact way that is described
  • a passphrase would be selected using random words

In practice, there are ways to make passwords strong while keeping them short. Write them in Chinese, use accented letters, replace your “e” with “€”, end it with a space. On the other hand, with a “plain” passphrase you are certain there will be patterns, and statistical approaches to password cracking will be highly successful.

Tr0ub4dor&3 is a MUCH stronger password than “I love <insert name here>”.
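As an added illustration (not from the original post), here is a small entropy calculator that puts numbers on the argument above under explicitly assumed attacker models. Every count in it (word-list sizes, the 10,000-name list, the number of leet patterns, the 200 extra non-ASCII symbols) is an assumption chosen for the example, not a measurement.

```python
import math

def bits_from_choices(choices):
    """Entropy in bits of a secret assembled from independent, uniformly random
    choices. `choices` is a list of (label, number_of_options) pairs; a slot the
    attacker can predict outright has 1 option and contributes 0 bits."""
    return sum(math.log2(n) for _, n in choices)

def random_words_bits(n_words, dict_size):
    """Diceware/XKCD style: n_words drawn uniformly from a dict_size word list."""
    return bits_from_choices([("word", dict_size)] * n_words)

def charset_bits(length, alphabet_size):
    """Uniformly random characters drawn from an alphabet of alphabet_size symbols."""
    return bits_from_choices([("char", alphabet_size)] * length)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time for an attacker to enumerate the whole guess space."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

# Constructed attacker models. Every count below is an assumption made for the
# illustration (list sizes, number of leet patterns), not a measured value.
MODELS = {
    # Four random words from a 2048-word list: the comic's scheme, done right.
    "4 random words, 2048-word list": random_words_bits(4, 2048),
    # "I love <name>": the template is predictable (1 option); the only secret
    # is the name, assumed to come from a 10,000-entry first-name list.
    "'I love <name>', 10,000 names": bits_from_choices(
        [("template", 1), ("name", 10_000)]),
    # Tr0ub4dor&3-style: a dictionary word (65,536-word list), one of 8 leet
    # substitution patterns, capitalisation (2), a symbol (33), a digit (10),
    # and the symbol/digit order (2), as a rule-based cracker would model it.
    "Tr0ub4dor&3-style, rule-based attacker": bits_from_choices(
        [("word", 65_536), ("leet", 8), ("caps", 2),
         ("symbol", 33), ("digit", 10), ("order", 2)]),
    # 11 truly random printable-ASCII characters (95 symbols).
    "11 random printable-ASCII chars": charset_bits(11, 95),
    # Same length, but the alphabet also holds 200 non-ASCII symbols (accented
    # letters, currency signs, CJK), which the attacker must now enumerate too.
    "11 random chars, 95 + 200 non-ASCII": charset_bits(11, 295),
}

def strongest(models):
    """Label of the model with the largest guess space."""
    return max(models, key=models.get)

if __name__ == "__main__":
    for label, bits in sorted(MODELS.items(), key=lambda kv: kv[1]):
        print(f"{label:42s} {bits:6.1f} bits  "
              f"{years_to_exhaust(bits, 1e9):10.3g} years @ 1e9 guesses/s")
```

The point the numbers make is the post's: a template phrase with one guessable slot sits far below both a random-word passphrase and a short password drawn from a wide alphabet, and the passphrase only earns its bits when the words are actually chosen at random.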


