
The author only considers common-word attacks; what about common-phrase attacks? With a database consisting of common sentences (e.g. from Reuters), those passwords could be broken in a much shorter timeframe than claimed in the article.



A number of posts have made this point and all seem to have not understood the article and the FAQ. (Or just like to nitpick.)

Let x be a three word pass-phrase of 11 characters and y be a 6 character standard complex password.

The argument is: x is more secure than y.

You've pointed out a special case where x is also a COMMON phrase, and demonstrated a counterexample to the assertion.

So rephrasing the argument:

Let x be a three word uncommon / nonsense phrase and y be a standard complex password.

x is more secure than y (and a hell of a lot more user-friendly).

I think with that modification the argument stands, and the specific case of 'this is fun' is a mundane distraction from the real point the author was making.


With that argument you've reduced the problem to how complex (i.e. how long) said phrase is. The point the author makes is that the password should be easy to remember and not a nonsensical phrase (so you don't have to write it on an insecure Post-it). I see you wrote uncommon as well, so I agree there might be an uncommon yet easy-to-remember password, even though this somehow contradicts itself (not subjectively but collectively).
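An added example, not part of any comment in the thread: the disagreement above comes down to scoring a password by the cheapest attack model that can reach it, not by its length. The sample word list, phrase list, list sizes and passwords below are assumptions constructed for illustration.

```python
import math

# Constructed data and sizes (assumptions, not figures from the thread).
KNOWN_WORDS = {"this", "is", "fun", "velvet", "cactus", "orbit"}  # sample of a word list
COMMON_PHRASES = {"this is fun", "let me in", "how are you"}      # sample of a phrase corpus
WORDLIST_SIZE = 10_000          # assumed size of the attacker's common-word list
PHRASE_CORPUS_SIZE = 1_000_000  # assumed size of the attacker's common-phrase list
PRINTABLE = 95                  # printable ASCII, for character-level brute force


def guess_bounds(password):
    """Worst-case guesses for every attack model able to reach the password."""
    bounds = {"brute_force": PRINTABLE ** len(password)}
    words = password.split(" ")
    # Word-level attack: every word must be in the attacker's dictionary.
    if len(words) > 1 and all(w in KNOWN_WORDS for w in words):
        bounds["word_combos"] = WORDLIST_SIZE ** len(words)
    # Phrase-level attack: the whole string is in the phrase corpus.
    if password in COMMON_PHRASES:
        bounds["phrase_list"] = PHRASE_CORPUS_SIZE
    return bounds


def weakest_model(password):
    """Return (model, guesses, bits) for the cheapest applicable attack."""
    bounds = guess_bounds(password)
    model = min(bounds, key=bounds.get)
    return model, bounds[model], round(math.log2(bounds[model]), 1)


if __name__ == "__main__":
    # Common phrase x, nonsense phrase x, and a 6-character complex password y.
    for pw in ("this is fun", "velvet cactus orbit", "J4f$q2"):
        print(f"{pw!r:24} {weakest_model(pw)}")
```

Under these assumed list sizes the common phrase is the weakest of the three, while the nonsense three-word phrase edges out the 6-character complex password; a larger word list widens that gap and a smaller one reverses it.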



