in reply to RE: Ethics of Passwords
in thread Ethics of Passwords

Unfortunately, this is not such a great idea. The average person has a vocabulary of between 2000 and 5000 words (i'm not totally sure about those numbers, but i'm on the same order of magnitude). So assuming you can use up to 5000 words and make things easy to remember (which is the whole point), that gives you a search space of 25,000,000. That would be crackable minutes. Add on two random digits increases the search space by a factor of 100. That gives you 2,500,000,000 passwords to check, which is checkable in an hour or two at the most.

Bottom line is, dictionary words never make secure passwords. English text only has about 1.5 bits of entropy per letter. At work, we strongly discourage our users from using dictionary words from any language