> Yep. While there might be some use cases for his ultra-simplistic "Mossad/not-Mossad duality" - say, convincing Bob Jones that "b0bj0nes" is not a great password - it's 99% fairy tale.
Honestly, the oversimplification here reads to me more like something Bob Jones could use to justify not caring about "b0bj0nes" not being a great password.
I was thinking, "Bob, stop making excuses about how it's hopeless, and you'd need a 'U0hBNTEyICgvdmFyL2xvZy9tZXNzYWdlcykgPSBjNGU2NGM1MmI5MDhiYWU3MDU5NzdlMzUzZDlk'-level password to be safe. That 'b0bj0nes' is so easy that a bored kid might get it in a few dozen guesses, and you need to change it to something better."
That password should include symbols too! Without symbols, each character is one of 62 values (sticking to ASCII letters and digits). Including symbols makes it much harder to guess passwords of a given length. Even better would be Unicode letters, digits, and symbols, even if you stick to the Basic Multilingual Plane.
Best would be non-text, binary strings. Since I already use a password manager, I don't really need to type passwords by hand. But I do understand most people prefer text passwords that could be entered by hand if necessary.
Except that's exactly what the Mossad will be expecting us to use, for our uber-secure password! By eschewing symbols and binary, we are actually meta-out-smarting their ultimate giga-quantum nuclear crypto cracker.
Or: This is Bob "Dim Bulb" Jones we're talking to. KISS, and maybe we can convince him to upgrade his password to "iwantacoldbeernow".
Sorry, your password does not meet complexity requirements because it does not contain at least one of each of the following: uppercase letters, lowercase letters, numeric digits, nonalphanumeric symbols.
Honestly, the oversimplification here reads to me more like something Bob Jones could use to justify not caring about "b0bj0nes" not being a great password.