>make it easier to break your passwords
A few considerations:
You are supposed to use random dictionary words, not a phrase you make up yourself.
The "Entropy" mentioned is a measure of pure randomness, so even if someone knows you used this method you can be sure of your safety if the entropy was high enough.
Personally I think this comic is a great advance in security for normies, but if you care about this sort of stuff you must combine it with opsec.
The first principle is to know your adversary, which in practice means you choose an adversary to defend against.
For example: Your bank account might attract professional crackers with scripts for dictionary attacks and fuzzing, but they don't know you personally, so a nonrandom passphrase may well protect against them. Your friends and family may know about your interests, but you might bet on them not having the expertise to build a dictionary and run scripts. If a bank employee or the state by extension wants access, your password ain't gonna do shit. So even though your bank account is a high-profile target, a nonrandom passphrase is surprisingly secure.
This does make assumptions about your situation. If all your personal information is available online it's possible to build a dictionary to solve your passphrase. Don't put personal information online. Personally I have some close friends who have the expertise to build a dictionary, e.g. from all the emails I sent them, so I have to be more careful in selecting the passphrase; that's what random words are for.
The second principle is to know who has access. E.g. Who has access to your desk and does this provide a path for information to leak to the adversaries you chose? If not you can leave all the sensitive stuff right there on your desk.
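Added example (not part of the post above, and not from the comic): the entropy figure the post refers to, computed for a random word-list passphrase versus a phrase drawn from a small "personal" dictionary that a friend could build. The wordlist here is a constructed eight-word sample; the 7776-word Diceware size, the 200-word personal-dictionary size and the 10^10 guesses/second cracking rate are assumptions for illustration. The point it shows is the one in the post: the number depends only on how many equally likely passphrases exist, so knowing the method does not help the attacker, whereas a handmade phrase is only as strong as the smallest dictionary the adversary can narrow it to.

```python
import math
import secrets

# Constructed sample wordlist for this example (an assumption; a real
# Diceware list has 7776 = 6**5 words, about 12.9 bits per word).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "cloud", "anvil", "rope", "lantern"]
DICEWARE_SIZE = 7776  # assumed size of a full Diceware list


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n words drawn uniformly and independently from a list.

    This is the "pure randomness" figure: it counts equally likely
    passphrases, so an attacker who knows the wordlist and the word count
    still faces wordlist_size ** n_words candidates.
    """
    return n_words * math.log2(wordlist_size)


def generate_passphrase(n_words: int, wordlist=SAMPLE_WORDS) -> str:
    """Pick words with the OS CSPRNG.  random.choice() is seeded from
    non-secret state and would not deliver the entropy computed above."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def expected_crack_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected time for an attacker who knows the scheme: on average half
    of the 2**entropy_bits candidates must be tried before the right one."""
    return (2.0 ** entropy_bits) / 2.0 / guesses_per_second


if __name__ == "__main__":
    rate = 1e10  # assumed offline cracking rate, guesses per second
    print("sample passphrase:", generate_passphrase(4))
    # Four random words from a full list versus four words a close friend
    # could guess from a 200-word dictionary of your known vocabulary.
    for label, size in [("Diceware list", DICEWARE_SIZE),
                        ("200-word personal dictionary", 200)]:
        bits = passphrase_entropy_bits(4, size)
        years = expected_crack_seconds(bits, rate) / (365 * 24 * 3600)
        print(f"4 words from {label}: {bits:.1f} bits, "
              f"~{years:.2e} years at {rate:.0e} guesses/s")
```

Run it and the two lines differ by about 21 bits, i.e. a factor of roughly two million in cracking time, which is the gap between "random dictionary words" and "a phrase you make up yourself" that the post is drawing.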