https://www.explainxkcd.com/wiki/api.php?action=feedcontributions&feedformat=atom&user=195.56.58.169explain xkcd - User contributions [en]2026-06-19T14:57:25ZUser contributionsMediaWiki 1.30.0https://www.explainxkcd.com/wiki/index.php?title=Talk:936:_Password_Strength&diff=48154Talk:936: Password Strength2013-08-30T09:01:18Z<p>195.56.58.169: </p>
<hr />
<div>You still have to vary the words with a bit of capitalization, punctuation and numbers a bit, or hackers can just run a dictionary attack against your string of four words. '''[[User:Davidy22|<u>{{Color|purple|David}}<font color=green size=3px>y</font></u><font color=indigo size=4px>²²</font>]]'''[[User talk:Davidy22|<tt>[talk]</tt>]] 09:12, 9 March 2013 (UTC)<br />
<br />
No you don't. Hackers cannot run a dictionary attack against a string of four randomly picked words.<br />
Look at the number of bits displayed in the image: 11 bits for each word.<br />
That means he's assuming a dictionary of 2048 words, from which each word is picked randomly.<br />
The assumption is that the cracker knows your password scheme.<br />
[[Special:Contributions/86.81.151.19|86.81.151.19]] 20:17, 28 April 2013 (UTC)<br />
Willem<br />
<br />
Sometimes this is not possible. (I'm looking at you, local banks with 8-12 character passwords and PayPal) If I can, I use a full sentence. A compound sentence for the important stuff. This adds the capitalization, punctuation and possibly the use of numbers while it's even easier to remember then Randall's scheme. I think it might help against the keyloggers too, if your browser/application autofills the username filed, because you password doesn't stand out from the feed with being gibberish. [[Special:Contributions/195.56.58.169|195.56.58.169]] 09:01, 30 August 2013 (UTC)</div>195.56.58.169