I was talking to a friend about passwords and I came to think of this: The always epic XKCD is of course right, choosing four random words as your password is better than choosing a series of numbers and letters. Now the comic makes it a little bit too geekish maybe, talking about bits of entropy and whatnot. But the way I always learned to calculate brute-force strength is by taking the “degrees of freedom” or in other words, how many possibilities there are, times the number of times you have that possibility, i.e.