Whaaat? (Did you really downvote me instead of just disagreeing btw? Not that I care, just curious.)
Anyway, did you not comprehend the comic? Making a password hard to remember/type by requiring stuff like weird combinations leads to one thing - people writing their passwords down.
Whereas a long easy-to-remember passphrase is a) almost impossible to guess, b) doesn't need written down, and c) has a far longer time for a computer (which you claim has "nothing to do with it") to crack by brute force.
Edit: Well it can lead to other things. Like using "use securely generated password" and letting the browser remember it so if you let someone use your computer (assuming you don't set up their own account etc) they can get into everything....
Edit 2: Basically a really secure password strategy would be no restrictions on characters etc but a minimum length. Then users could do something like use a standard phrase or three (say, one they use for only most-secure sites like their banking, another for the next tier, and a third for whatever garbage/everything else) and substitute something like the site name in one spot in the phrase. No-one would ever have to write anything down, just remember their few key phrases. If one happened to leak, then change that relevant batch of passwords with a new phrase just in case someone sees what they are doing.
Nope. Computers don't care about stupid stuff like capital/lowercase/symbols etc.
https://xkcd.com/936/
Has nothing to do with "computers".
Whaaat? (Did you really downvote me instead of just disagreeing btw? Not that I care, just curious.)
Anyway, did you not comprehend the comic? Making a password hard to remember/type by requiring stuff like weird combinations leads to one thing - people writing their passwords down.
Whereas a long easy-to-remember passphrase is a) almost impossible to guess, b) doesn't need written down, and c) has a far longer time for a computer (which you claim has "nothing to do with it") to crack by brute force.
Edit: Well it can lead to other things. Like using "use securely generated password" and letting the browser remember it so if you let someone use your computer (assuming you don't set up their own account etc) they can get into everything....
Edit 2: Basically a really secure password strategy would be no restrictions on characters etc but a minimum length. Then users could do something like use a standard phrase or three (say, one they use for only most-secure sites like their banking, another for the next tier, and a third for whatever garbage/everything else) and substitute something like the site name in one spot in the phrase. No-one would ever have to write anything down, just remember their few key phrases. If one happened to leak, then change that relevant batch of passwords with a new phrase just in case someone sees what they are doing.