Re: XKCD has been touting the complexity angle for years
I remember that article. The sole "evidence" he presented was to point out that dictionary attacks exist (with no further details). He then went on to pimp his self-named method for almost all of the article, giving me the impression he was mainly driven by ego. I immediately discarded it as worthless.
I'd have to re-read it in that light - as I said, I never thought real words were a good idea and never used them, so, to me at least, it was, at worst, academic or, at best, validation of my own approach. But, given that Bruce Schneier also recommended the same approach as mine and not the xkcd one, I think I'll stick with mine rather than one that almost certainly never was, let alone is, as secure.
Dismissing it as worthless because of someone's writing style, though, no, I'm less convinced by that - the author can be a narcissist and still be right.
That said, I don't know of any comparison of the strength of the xkcd method to what people actually do, which is all that matters. Let's not make the perfect the enemy of any possible improvement.
There is no perfect. Or at least there's no provably perfect yet - perfection is either NP-complete or an instance of the Halting Problem (it remains to be seen).
But that's no reason for complacency - if there's a way to do things that might be secure, or an alternative that might not be 100% secure but is definitely more so than the other way, then there is no argument to be made in favour of that other way unless it is markedly simpler/easier - and how the human brain/mind works dictates that the xkcd approach is, ultimately, weaker in that regard too, because unrelated words are harder to hold in memory than a passphrase of related words.