450
17 cringe-worthy Google AI answers demonstrate the problem with training on the entire web
(www.tomshardware.com)
This is a most excellent place for technology news and articles.
TL;DR: your statements are incorrect and you're being assumptive.
Step 2 is "hard"? Seriously??? It boils down to "first letter of each word, as it's written, plus punctuation".
Regarding step 3, I'll clarify further near the end.
That's a variation of the "correct horse battery staple" method. It works with some caveats:
I'll interpret your arbitrary/"random" restriction to English as being a poorly conveyed example. Regardless.
The suggestion is the procedure. The 11 characters password is not the suggestion, but an example, clearly tagged as such. You can easily apply this method to a longer string, and you'll accordingly get a larger password with more entropy, it's a no-brainer.
For further detail, here's the actual maths.
Now, regarding step #3. It does increase a little the amount of entropy. But the main reason that it's there is another - plenty systems refuse passwords that don't contain numbers, and some even catch on your "add 1 to the end" trick.
EDIT: I did a major rewording of this comment, fixing the maths and reasoning. I'm also trying to be less verbose.
I don't know how you're meant to remember that "Works" and "Mighty" are capitalized
In most other quotes, the only capitalization occurs once at the start, so it doesn't add any meaningful entropy.
Yours doesn't scale due to step 3.
On the other hand, much like battery staple, it's pretty easy to make up a visual or story in your head to connect the words.
Also, why would you need to scale this past 6 words? At that point it's already more likely that your password is compromised via a keylogger or similar than anything else.
I'll accept this as a downside of the method, but honestly a website that limits your password character length to under 30 is probably doing some other weird shit that isn't good.
Also, the only time you should really be using this method is if for some reason you don't want to use a password manager. Not many scenarios like that that also limit characters.
I feel like the exact opposite is true? Pretty easy to remember "defenestrate". Much easier than remembering which
m
turns into a3
in your method.I'm aware how examples work. It's 11 characters long and already too hard to remember.
Refer to step 1, please: pick a quote that you know by heart. And you're still confusing the example with what it exemplifies.
At this rate it's rather clear that you're unable to parse simple sentences, and can be safely ignored as noise.
so step 1 is actually "learn a long, obscure quote by heart" because obviously it can't be a common quote or it completely breaks the method, and the only quotes you're likely to know are common
you're right this is so easy
somebody's a little spicy over the fact that they gave terrible advice :(
Just sharing this link to another comment I made replying to you, since it addresses your calculations regarding entropy: https://ttrpg.network/comment/7142027