

Analyzing the XKCD Passphrase Comic - m8urn
http://xato.net/passwords/analyzing-the-xkcd-comic/

======
dllthomas
100 mutations seems high, and mutations make things harder to type. I'd rather
add a 5th word (in fact, I do!) to get the complexity up where I want it.

I love the idea of including non-dictionary words, though. Numbers 0-999 gives
you an easy thousand, any one of which should be easy to remember in a
password. Proper nouns are also likely to be memorable, although remembering
which spelling variation might be more trouble.

Also, if you speak a language other than English, that's another dictionary
you can pull in (gaining a number of words dependent in part on your
fluency...).

~~~
m8urn
"100 mutations seems high"

JTR has more than 180 rules, so I don't think 100 is an unfair number.

And yes, mutations do slow down typing which is why I most often use a random
non-word that sounds like it would be a word (i.e., lickering, fauxd,
glasster, etc.). Another is capitalizing in the middle of the word. And
another is sticking a hyphen in the middle of the word. And another is adding
a suffix like .com to your word.

Of course my favorite mutation is swapping the first letter of two of the
words (i.e., cog drap).

But yeah, you could also just add a fifth word and not even worry about
mutations.
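
The trade-off discussed in this thread (a fifth word versus 100 mutations versus adding the numbers 0-999), worked through as an added example that is not part of the original thread or the linked article. It assumes a 2048-word list and uniform, independent choices; the function names and the sample word list are hypothetical.

```python
import math
import secrets

# Assumption: 2048-word list (11 bits per word), the size implied by the
# comic's 44-bit figure for four words. The thread does not state a size.
WORDLIST_SIZE = 2048
# Tiny constructed list so the generator runs offline; a real list is far larger.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "glass", "river", "candle", "orbit"]

def entropy_bits(n_words, wordlist_size=WORDLIST_SIZE, mutations=1, per_word=False):
    """Bits of entropy when every choice is uniform and independent.
    mutations: number of equally likely mutation rules (1 = no mutation).
    per_word: True if each word gets its own rule, False if one rule covers the phrase.
    """
    bits = n_words * math.log2(wordlist_size)
    bits += (n_words if per_word else 1) * math.log2(mutations)
    return bits

def swap_first_letters(words, i, j):
    """The 'cog drap' mutation: swap the first letters of words i and j."""
    out = list(words)
    out[i] = words[j][0] + words[i][1:]
    out[j] = words[i][0] + words[j][1:]
    return out

def generate(n_words, words=SAMPLE_WORDS, swap=False):
    """Pick words with a CSPRNG; optionally swap first letters of a random pair."""
    picked = [secrets.choice(words) for _ in range(n_words)]
    if swap and n_words >= 2:
        i = secrets.randbelow(n_words)
        j = (i + 1 + secrets.randbelow(n_words - 1)) % n_words  # always != i
        picked = swap_first_letters(picked, i, j)
    return " ".join(picked)

def compare():
    return {
        "4 words": entropy_bits(4),
        "4 words + 1 of 100 rules on the phrase": entropy_bits(4, mutations=100),
        "4 words + 1 of 100 rules on each word": entropy_bits(4, mutations=100, per_word=True),
        "5 words": entropy_bits(5),
        "4 words, list extended with 0-999": entropy_bits(4, WORDLIST_SIZE + 1000),
    }

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{bits:5.1f} bits  {label}")
    print(generate(5), "|", generate(4, swap=True))
```

Under these assumptions a fifth word (55 bits) beats one rule applied to the whole phrase (about 50.6 bits) but not an independent rule on every word (about 70.6 bits), so the comparison depends on how "100 mutations" is counted.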

