This is less secure against dictionary attacks
Not necessarily. The instant the attacker needs to guess more than 3 words, in what order, the capitalization, and whether you've separated them with a number or special chars, they are entering an attack time on the order of infeasible, even with a dictionary to work with.
In the XKCD each word is given 11 bits of entropy (2^11=2048), not the 30k-some common English words, so they are already factoring in a dictionary attack. Add some common substitutions and capitalization and you can bump that to 13 bits per word. Add some special chars in between or at the end/beginning and you can add more.
For example:
someWords?P4ss/Secur3!
is approximately 46-50 bits of entropy even assuming a dictionary attack and is still relatively simple to remember. Even at 10k guesses per second (10x the rate assumed in the XKCD) that's 230-3500 years to guess.
That said, this should be for your main email account and bank and stuff. The things you may need to access without your password manager. For most things use a randomly generated password stored in a password manager.
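The bits-per-word accounting in the comment above, as an added example that is not part of the original comment: it computes entropy for a passphrase scheme the attacker is assumed to know, converts it to exhaustion time, and generates a passphrase with a CSPRNG so the estimate actually holds. The function names, the 8-word demo list and the "3 words plus 3 separators from 8 symbols" breakdown are assumptions made for illustration.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def model_bits(n_words, wordlist_size, variants_per_word=1,
               n_separators=0, separator_alphabet=1):
    """Bits of entropy when every part is picked uniformly at random and the
    attacker already knows the scheme and the wordlist (dictionary attack)."""
    word_bits = math.log2(wordlist_size * variants_per_word)
    sep_bits = math.log2(separator_alphabet)
    return n_words * word_bits + n_separators * sep_bits

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try the whole space; the average is half of this."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR

def generate(wordlist, n_words, separators):
    """Build a passphrase with the CSPRNG and return it with its model entropy.
    Each word is randomly capitalised (2 variants) and followed by a separator."""
    parts = []
    for _ in range(n_words):
        word = secrets.choice(wordlist)
        if secrets.randbelow(2):
            word = word.capitalize()
        parts.append(word + secrets.choice(separators))
    bits = model_bits(n_words, len(wordlist), 2, n_words, len(separators))
    return "".join(parts), bits

# Constructed 8-word list for the demo only; a real list needs thousands of words.
DEMO_WORDS = ["anchor", "bishop", "cactus", "dragon",
              "ember", "falcon", "garnet", "harbor"]

if __name__ == "__main__":
    print("4 words from 2048:", model_bits(4, 2048), "bits")
    # Assumed breakdown: 3 words at 13 bits plus 3 separators from 8 symbols.
    b = model_bits(3, 2048, 4, 3, 8)
    print(f"{b:.0f} bits -> {years_to_exhaust(b, 10_000):.0f} years at 10k guesses/s")
    print(generate(DEMO_WORDS, 3, "?/!-"))
```

The estimate only applies when the words and separators are drawn at random as `generate` does; words a person picks themselves carry fewer bits than the model assigns.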