I find that message misleading. The xkcd comic does have a point, and thus shoul... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		vog on April 11, 2012 \| parent \| context \| favorite \| on: Zxcvbn: realistic password strength estimation I find that message misleading. The xkcd comic does have a point, and thus should be taken seriously. (Despite the obvious downside that those passwords take longer to type, which is why I still prefer short, cryptic passwords.) So a better message might be: "Don't follow the webcomic too closely. :)"

schiffern on April 14, 2012 | [–]

It actually says, "Woah there, don't take advice from a web-comic too literally!"

wh-uws on April 11, 2012 | [–]

Its saying dont use that particular password. Any attacker of this script would know what it was inspired by and attempt that password in a dictionary.

Rendering it about as useless as 123456789 in this instance

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact