Abstract : Using only publicly-available data and very modest computing power, we built a dictionary of several million famous sentences, and used it to crack millions of passphrases, and some mnemonic-based passwords. It shows that even low-skilled attackers can crack such passwords very easily, confirming that they offer very poor security.