Perfect.

Same website.

They want you to use "Tr0ub4dor&3" instead of "correct horse battery staple". They probably have no clue about how password security works. Not giving you the required quantities doesn't actually increase the perceived level of incompetence much further...

So an empty password is ok?

Was their one time password also empty?

Imagine how silly I felt, having exceeeded the max allowable size of email here! Amazes me that people can put stuff live in this condition.

Definitely one of the passwords of all time

@iiii Yes. You obviously should use an autogenerated password stored in a password manager. And for that, every site forcing their own rules also sucks real hard.

The word list scheme actually is for the passwords, you have to rememeber yourself (BIOS/OS login, FS encryption and the main password manager database). And for them, XKCD is right about the math and ease to rememeber (assuming randomly chosen words as stated in the comic) despite having choosen very nice examples for both schemes: https://xkcd.com/936/

You could argue for longer word lists (if the key stretching algorithm of the password manager or FS encryption is weak). But phrases actually are the best brain-based solution in that cases - everything else is harder to rememeber when generated randomly.

@iiii That has already been accounted for. The comic assumes that the password generation scheme is known.

@iiii https://explainxkcd.com/wiki/...

Yes, it does.