>>>(don't miss the mouseover)
>
>I didn't miss the mouseover! Agree re the character substitution- but randomly mixing case and symbols mathematically ramps up safety substantially at the cost of difficulty remembering the password. However, IMHO there's another human phenomenon at play: in real life few people remember multiple passwords. Generally they reuse or rely on a repository to remember the passwords for them. It's reasonably safe to have a paranoid master password for Firefox and Thunderbird after which you don't need to remember the individual site passwords that can be as random as possible. Also possible on phones, but AFAICS a lot of people carry heaps of sensitive stuff on their phones protected only by a simple pin if at all...


I think the mouseover refers to leaving out dictionary attacks for the sake of the comic math