Comment Re:Surprised? (Score 1) 217
Plus it's a bit of a strawman there as you were never supposed to take a real word and substitute 0s and such in, that's never been an accepted practice for as long as I can remember.
back in the real world: upon password creation, it is always accepted by the system, and therefore generally what people use so that they can remember it.
actually most people don't bother with substitution they just capitalise the first letter & add the required characters at the end - which is usually just a number. whenever they are required to change password by the system they increase the number by one.
although - if 'correcthorsebatterystaple' were a standard password creation method, a brute force using a decent dictionary would be quite plausible.