On Fri, Nov 15, 2013 at 6:09 PM, brian carroll
... if a password service used this principle,... 3-4 sets instead, themselves having special rules...
[set1|set2|set3|set4]
in this way, a 'rolling password' could be developed ...
this feels similar to various guided / ordered permutations strategies that use a corpus of ngrams or words for attacking longer sequences, like passphrases. [with or without decorating permutations like appended numerical sequences and other common substitutions and sequences] the effectiveness of these in practice appears strongly bound to your operational security. e.g. past examples of mining a user's interests to guide successful pass word and pass phrase cracking attempts. i keep waiting for someone to write it, alas: 'No results found for "the art of tactical password cracking"' ;)