A random 5 words is hardly simple or easy to remember. The entire selling point of passphrases is exactly that.

It's a hard problem that is IMO best solved with hardware secure keeping of secrets and a rate limited pincode.

You're not supposed to remember all your passwords. You will need to remember at least one master password and maybe a couple more.

But you can't suggest that remembering 5 random words is harder than 20 random characters?

The goal is "simple" if possible, but "simpler" is still a lot better than "practically impossible".

I'm not suggesting that 20 random characters is easier to remember, but for average Joe, it might as well be the same. Not only do they have to remember the words, the sequence, and how to spell them. Unfortunately we cannot expect this from users in general - the worst offenders write down a password like "rocket", so there is no hope that they'll try to remember a sequence of random words.

We shouldn't have remember passwords at all IMO. It's creating entropy by remembering things, but the human brain is inheritly bad at remembering exact things. Things like a yubikey is a better idea, plug it in, enter your pincode, and use a key pair to authentication. All the user have to do is keep track of the physical thing and the pincode.

> A random 5 words is hardly simple or easy to remember

You use well-known the mnemonic trick demonstrated in the last panel of the comic.