Quote:
Originally Posted by Sasino97
That is true, but if the user used words which are all related to each other, he made the attacker’s work easier.
Again, not really. Unless you know how the words are related. And it is still VASTLY better than normal passwords where people do use the same ones over and over, and those common passwords are very well known and documented. The theoretical difficulty in cracking normal passwords assumes that “Df3()As£” is just as common as “p4ssw0RD”. Do you think that’s the case? You’re arguing that this method is less secure because it has a theoretical attack, while totally ignoring the fact that the current method has a known attack.
Edit:
Quote:
Originally Posted by Sasino97
How can we programmatically ensure that the user did not use "My name is Carl" as a password?
Why? Yes, passwords with semantic meaning are slightly worse, but still vastly better than most normal passwords.
Again:
You’re arguing that this method is less secure because it has a theoretical attack, while totally ignoring the fact that the current method has a known attack. Is it perfect? No. Is it better than the alternative (when a password manager isn't available)? Yes!