How can a password be verified as conforming to...

Spread this like wildfire.

Does anyone understand the cited math in that column? How does an 11-character password translate to 28 bits of entropy and 28 characters to 44 bits?

Not me, but maybe it’s because it’s a binary logarithm? :slight_smile:

Yes, I saw that. It is one of the reasons that I am modifying both codes to some degree and integrating them together. There are still elements that are good from both, such as: you shouldn’t use repeating letters or numbers, and the password shouldn’t contain common passwords such as “password”.

I read that somewhere else and thought “that is nonsense”.

Instead of 10 different random characters out of about 40 you now select 4 or 5 words out of maybe 1,000-10,000 common words?

10^40 vs 10,000^5 aka 10^15

How is that more secure???
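Worked arithmetic for the comparison above, as an added example that is not from any poster in this thread: the entropy of a secret built from independent, uniformly random choices is length × log2(pool size), and the same formula gives the 44 bits asked about earlier in the thread if the four words are drawn from a 2,048-word list (the 2,048-word list size and the guess rate used below are assumptions, not values from the thread).

```python
import math


def entropy_bits(pool_size: int, length: int) -> float:
    """Bits of entropy for `length` independent, uniformly random picks
    out of `pool_size` symbols (characters or words): length * log2(pool_size).
    Only uniform random selection earns this figure; a human-chosen phrase
    or a hand-tweaked word is drawn from a much smaller effective pool."""
    if pool_size < 2 or length < 1:
        raise ValueError("pool_size must be >= 2 and length >= 1")
    return length * math.log2(pool_size)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try the whole keyspace (2**bits guesses) at a given rate."""
    return 2.0 ** bits / guesses_per_second


# Constructed schemes: the two argued about above plus an assumed
# 4-words-from-2048 passphrase, which is what yields 44 bits.
SCHEMES = {
    "10 random chars from a 40-symbol set": (40, 10),
    "5 random words from a 10,000-word list": (10_000, 5),
    "4 random words from a 2,048-word list (assumed)": (2048, 4),
}


def compare(schemes: dict = SCHEMES, guesses_per_second: float = 1e9) -> dict:
    """Return {scheme: (bits, years to exhaust at the assumed guess rate)}."""
    result = {}
    for name, (pool, length) in schemes.items():
        bits = entropy_bits(pool, length)
        years = seconds_to_exhaust(bits, guesses_per_second) / (365 * 24 * 3600)
        result[name] = (round(bits, 1), years)
    return result


if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name}: {bits} bits, ~{years:.3g} years at 1e9 guesses/s")
```

Note that 10,000^5 is 10^20, not 10^15, and 40^10 is roughly 10^16, so under the uniform-random assumption the five-word passphrase has the larger keyspace; the comparison only holds for words chosen at random from the list, not for a phrase the user thought up.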

That sounds like a totally insecure method… Seriously… I could probably write a brute-force cracker for that in a few hours.
Since “words” are structured, the patterns in the “password” will be easy to find in the 10,000-word list, thus reducing that list to hundreds… A truly “strong” password has no patterns, is totally random, and uses all available “printable” characters (96, not 26).

Now and then one has to actually write those random passwords: totally, absolutely useless. The same goes for that “remember the first words of a sentence” nonsense.

Hackers start with brute-force attacks. So they try the 1 million most often used passwords. Then they apply change rules to the passwords, like what the children love to write: 4 instead of “for”. Or common misspellings. Or numbers at the end. Therefore, these passwords aren’t more secure than the original words.

Now do four words: “last night thunder storm”. Garnish with special characters, case sensitivity and misspelling: “last)niGhtt&thunder834834storm”. You get a word that is good against a dictionary attack, and which you can type in case of need.