Re: Easy good passwords, here I go again...
if the password is alphanumeric and an actual word or combination of words, dictionary based attacks drastically shorten the time to "guess" [blah blah blah]
Sigh.
Arguments like this are just handwaving without some actual statistics, or at least back-of-the-envelope approximations.
A recent version of the aspell US English dictionary contains around 204800 words. Using an xkcd-style four-word phrase (which gives a passphrase on the order of 20 characters, quite easy to type reliably for many users; I routinely use passphrases twice that long) gives about 70 bits of entropy. That's assuming words are chosen with equal distribution from the list; it assumes nothing about, say, the per-symbol entropy of English.
Note it also assumes the passphrase contains no spacing, punctuation, or non-letter symbols, except the ones that appear in the aspell US-English dictionary (things like apostrophe and hyphen). Those can easily be added by the user in a meaningful fashion, increasing the entropy. It also assumes monocase, or a case-insensitive verification mechanism; if the system is case-sensitive, we can use mixed case as well.
What's 70 bits of entropy worth? Compare it with a random (equal distribution) password drawn from mixed-case English letters, numerals, and a dozen non-alphanumerics. That's 64 symbols, or 6 bits of entropy per symbol. So 70 bits of entropy for the passphrase is just shy of a 12-character password using this scheme.
If you can make a million attempts per millisecond, brute-forcing a 70-bits-of-entropy passphrase takes a little under 19 thousand years, on average.
The trick with xkcd-style bag-of-words passwords is to generate a number of unbiased phrases from the dictionary, then pick one you can remember by visualization, "newspaper headline" interpretation, or whatever. The relatively low per-symbol and per-word entropy of natural language really doesn't matter when it comes to resistance to brute forcing, once the phrase gets to be even a few words long. Models only do well against plausible natural-language phrases.
There's a commonplace among infosec folks that xkcd-style passphrases are not particularly strong. Schneier subscribes to it in this post, for example, talking about the password-cracking bake-off Ars Technica hosted back in 2013. But it's not the scheme itself that's broken. The weakness comes from weak use of it - from users choosing words from too small a dictionary,[1] or creating passphrases that are too small.
(Also, the Ars piece only worked with one attack mode - cracking a corpus of unsalted MD5 hashes. While Schneier generalizes that to "password crackers know to combine words from their dictionaries", even with smarter candidate generation, stronger key-derivation functions such as Argon2 are going to slow brute-forcing tremendously.)
Even then, terms like "broken", "weakness", and "too small" are misleading. Absolutes are always inaccurate when discussing security. What we need to talk about is the risk (probable loss) under a threat model. My probable loss for someone brute-forcing my Reg password is very low - I don't have much at risk here, under my threat model. And the probability of someone brute-forcing it is relatively low, because most attackers have little incentive to do so. So my password only has to be strong enough against brute-forcing to lower that risk to a point that I'm comfortable with.
[1] Generally that means "user has a larger dictionary, but only chooses familiar words, and has a relatively small working vocabulary in the first place". For a random-word-phrase scheme, the user's "dictionary" is the set of words they're willing (with high probability) to use.
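The back-of-the-envelope figures in the comment above, together with its "generate several unbiased phrases, then pick one" procedure, as an added example that is not part of the original comment. The function names, the embedded sample word list, and the 2000-word "working vocabulary" figure are assumptions made for illustration; the 204800-word dictionary size and the guess rate come from the comment.

```python
import math
import secrets

# Constructed sample list so the block runs offline. A real generator would load
# the full dictionary (the comment cites about 204800 aspell US English words).
SAMPLE_WORDS = ("anchor", "biscuit", "copper", "dune", "ember", "fjord", "gravel",
                "harbor", "ivory", "juniper", "kettle", "lantern", "meadow",
                "nickel", "orchard", "pylon")
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def phrase_entropy_bits(dict_size, words=4, candidates=1):
    """Bits of entropy for `words` uniform draws from `dict_size` words.

    Offering the user `candidates` phrases to choose from costs at most
    log2(candidates) bits (worst case: the attacker knows their taste).
    """
    return words * math.log2(dict_size) - math.log2(candidates)

def equivalent_random_length(bits, alphabet=64):
    """Length of a uniformly random password over `alphabet` symbols with equal entropy."""
    return bits / math.log2(alphabet)

def average_crack_years(bits, guesses_per_second):
    """Expected brute-force time: half the keyspace at the given guess rate."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR

def generate_candidates(wordlist, words=4, count=5):
    """Draw `count` unbiased phrases with a CSPRNG; the user keeps one."""
    return [" ".join(secrets.choice(wordlist) for _ in range(words))
            for _ in range(count)]

if __name__ == "__main__":
    rate = 1e9  # a million attempts per millisecond
    for label, size in (("full dictionary", 204800),
                        ("2000-word working vocabulary (assumed)", 2000),
                        ("sample list", len(SAMPLE_WORDS))):
        bits = phrase_entropy_bits(size, words=4, candidates=5)
        print(f"{label}: {bits:.1f} bits, "
              f"~{equivalent_random_length(bits):.1f} random chars, "
              f"{average_crack_years(bits, rate):.3g} years on average")
    for phrase in generate_candidates(SAMPLE_WORDS):
        print(phrase)
```

The middle row shows the footnote's point numerically: the entropy that counts is that of the set of words the user will actually accept, not the size of the file on disk.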