
Incorrect: It's 171k^4 and 255^8.

(which works out to 8.55E20 and 1.78E19)



Yep, and that's assuming 8 random bytes from extended ASCII. The other point of the article was that nobody actually makes a password from random characters because words are easier to remember. And I think it's disingenuous to suppose people will enter alt-codes and that nonprintable characters would be allowed, so assuming MENSA-quality users with internal random number generators, we get 95^8 ~= 6.6E15, a clear loss of entropy.


Actually, since you normally can't use anything but characters in the 0x20-0x7E range, the 8 char password has much less entropy: 95^8 ~= 6.63E15.

I love the backtick in my passwords. If a website accepts it and doesn't give me any issues, it's a decent indicator of basic security.


>the 8 char password has much less entropy: 95^8 ~= 6.63E15 //

Most of the word usage is going to be limited though too. testyourvocab.com put the average at 27k I think. We're looking for words one can remember easily so the word pool is going to be a lot lower - 15000^4 ~= 5E16 FWIW.


Right- I was just correcting the dude's math :-)


Hey, it was an honest typo.


Yeah, that's correct.



