I got the point of the cartoon and I never argued that Randalls figures were wrong. I just think it's bad advice to give none technical people to say common words are secure because there's a risk that they won't use a sufficiently long (read: number of words) password.

At the end of the day, the whole password model is broken, and Randall summed that part up succinctly.