Diceware Passwords

October 30, 2015 | Factoids

We now live in a world where a New York City sixth grader is making money selling strong passwords.

For those of you who don’t know, Diceware “is a method for creating passphrases, passwords, and other cryptographic variables using an ordinary die from a pair of dice as a hardware random number generator. For each word in the passphrase, five rolls of the dice are required. The numbers from 1 to 6 that come up in the rolls are assembled as a five-digit number, e.g. 43146. That number is then used to look up a word in a word list.”

Arnold Reinhold (who created Diceware in 1995) writes, “[Hackers] claim they can crack a random 8-character password in under six hours. At that speed, attacking a 5-word Diceware passphrase would take on average of 7,300 hours or 10 months to find the correct passphrase, assuming they knew you were using Diceware and developed equally efficient software designed to try only valid Diceware words.” Throwing in a random character in place of a letter makes it even stronger.

And honestly, what’s easier to remember: “qW!asg41” or “Ga$olinePigWindowLazyFort”?
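The roll-and-look-up procedure described above, as an added example in Python (not code from the original post or from Diceware's author). It accepts physical dice rolls or simulates them with the operating system's CSPRNG, and computes the entropy of the result. The function names are assumptions, and the word list is a constructed placeholder that maps each key to `w<key>`; substitute a real 7,776-word list.

```python
import itertools
import math
import secrets

DIE_FACES = "123456"
ROLLS_PER_WORD = 5  # five rolls form one five-digit key such as 43146
LIST_SIZE = len(DIE_FACES) ** ROLLS_PER_WORD  # 6^5 = 7776 possible keys


def parse_wordlist(text):
    """Parse 'key<whitespace>word' lines; reject a list that is not complete."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        key, word = parts
        if len(key) == ROLLS_PER_WORD and set(key) <= set(DIE_FACES):
            table[key] = word
    if len(table) != LIST_SIZE:
        # A short list silently lowers the entropy of every word drawn from it.
        raise ValueError(f"word list has {len(table)} keys, expected {LIST_SIZE}")
    return table


def roll_key():
    """Simulate five die rolls with the OS CSPRNG (never the random module)."""
    return "".join(secrets.choice(DIE_FACES) for _ in range(ROLLS_PER_WORD))


def passphrase(table, words=5, rolls=None):
    """Look up words for physical rolls if supplied, else for simulated rolls."""
    keys = rolls if rolls is not None else [roll_key() for _ in range(words)]
    return [table[key] for key in keys]


def entropy_bits(words):
    """Entropy assuming the attacker knows the list and the number of words."""
    return words * math.log2(LIST_SIZE)


# Constructed placeholder list so the example runs offline: "43146<TAB>w43146".
SAMPLE_LIST = "\n".join(
    f"{''.join(k)}\tw{''.join(k)}"
    for k in itertools.product(DIE_FACES, repeat=ROLLS_PER_WORD)
)

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(" ".join(passphrase(table)))
    print(f"{entropy_bits(5):.1f} bits for five words")
```

Each word contributes about 12.9 bits, so the strength comes from the number of independently rolled words, not from the words being obscure.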