(no title)

to be more clear,

1. dog is weak 2. horseloverwhatever is weak 3. 8randoms! is weak 4. therefore, dog is as good as horseloverwhatever or 8randoms! 5. most account compromises do not even require a brute force (shoddy practices on the backend) making the complexity requirements pointlessly burdensome on the user 6. in cases where you want a password to resist a legitimate brute force, we need to talk about passphrases (ie > 50 chars) or passwordless

what u think?