Comments
-
They want you to use "Tr0ub4dor&3" instead of "correct horse battery staple". They probably have no clue about how password security works. Not giving you the required quantities doesn't actually increase the perceived level of incompetence much further...
-
@iiii Yes. You obviously should use an autogenerated password stored in a password manager. And for that, every site forcing their own rules also sucks real hard.
The word list scheme actually is for the passwords you have to remember yourself (BIOS/OS login, FS encryption and the main password manager database). And for them, XKCD is right about the math and ease to remember (assuming randomly chosen words as stated in the comic) despite having chosen very nice examples for both schemes: https://xkcd.com/936/
You could argue for longer word lists (if the key stretching algorithm of the password manager or FS encryption is weak). But phrases actually are the best brain-based solution in those cases - everything else is harder to remember when generated randomly.
-
@Oktokolo they are wrong in math for one thing: if it is known that the password is using a word combination, then the entropy falls down dramatically, because instead of every symbol being a separate piece, now only every word is, while the symbols are correlated.
Just knowing that you're using such a password makes it immensely weaker for bruteforce.
-
@iiii That has already been accounted for. The comic assumes that the password generation scheme is known.
Perfect.
devrant