I actually didn't ignore the 'common' limitation (and didn't downvote you - I'm actually interested how you come up with that).
Follow-up questions:
- What are the first tests, before this 3rd that tests for words? I assume tests for passwords of the first/left variety in the comic? Aren't they cheaper?
- 'Up to three words' is reducing the exponent of possible combinations by one. Length/number of words is relevant
Edit: Another issue. You say 'people forget the human factor', while you, yourself, propose something like '4 times Hack News with substitutions' as better. How is that including the 'human factor'?
You know what; it's been so long since I played around with this stuff (it's even a separate company now, that we just consult for) that I'm way out of touch with my thought process :)
You're right; there is nothing particularly wrong with the suggestion that makes it intrinsically very weak for most uses.
I'd best stop commenting before I make a total mess :)
Follow-up questions:
- What are the first tests, before this 3rd that tests for words? I assume tests for passwords of the first/left variety in the comic? Aren't they cheaper?
- 'Up to three words' is reducing the exponent of possible combinations by one. Length/number of words is relevant
Edit: Another issue. You say 'people forget the human factor', while you, yourself, propose something like '4 times Hack News with substitutions' as better. How is that including the 'human factor'?