diff --git a/libmisc/obscure.c b/libmisc/obscure.c
index 90bfeb9b..27a65cd9 100644
--- a/libmisc/obscure.c
+++ b/libmisc/obscure.c
@@ -75,57 +75,6 @@ static bool similar (/*@notnull@*/const char *old, /*@notnull@*/const char *new)
 	return true;
 }
 
-/*
- * a nice mix of characters.
- */
-
-static bool simple (unused const char *old, const char *new)
-{
-	bool digits = false;
-	bool uppers = false;
-	bool lowers = false;
-	bool others = false;
-	int size;
-	int i;
-
-	for (i = 0; '\0' != new[i]; i++) {
-		if (isdigit (new[i])) {
-			digits = true;
-		} else if (isupper (new[i])) {
-			uppers = true;
-		} else if (islower (new[i])) {
-			lowers = true;
-		} else {
-			others = true;
-		}
-	}
-
-	/*
-	 * The scam is this - a password of only one character type
-	 * must be 8 letters long. Two types, 7, and so on.
-	 */
-
-	size = 9;
-	if (digits) {
-		size--;
-	}
-	if (uppers) {
-		size--;
-	}
-	if (lowers) {
-		size--;
-	}
-	if (others) {
-		size--;
-	}
-
-	if (size <= i) {
-		return false;
-	}
-
-	return true;
-}
-
 static char *str_lower (/*@returned@*/char *string)
 {
 	char *cp;
@@ -170,8 +119,6 @@ static /*@observer@*//*@null@*/const char *password_check (
 		msg = _("case changes only");
 	} else if (similar (oldmono, newmono)) {
 		msg = _("too similar");
-	} else if (simple (old, new)) {
-		msg = _("too simple");
 	} else if (strstr (wrapped, newmono) != NULL) {
 		msg = _("rotated");
 	} else {
diff --git a/man/passwd.1.xml b/man/passwd.1.xml
index 52b86378..5491ded6 100644
--- a/man/passwd.1.xml
+++ b/man/passwd.1.xml
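Review bot: With the `simple (old, new)` branch removed from the `msg` chain in `password_check`, nothing in the C source records that dropping the character-class check is deliberate; a reader who sees only the "case changes only" / "too similar" / "rotated" checks may assume the class check was lost by accident and reinstate it. I'd put the rationale next to the chain, e.g. `/* No character-class mix check: length matters more than alphabet size, see passwd(1). */`. `password_check` begins before and ends after the hunk, so it cannot be confirmed from here which other rejections (a minimum-length bound in particular) still apply; since the removed check was the only one in view that bounded password strength by content rather than by relation to the old password, it is worth verifying that whatever minimum-length policy the caller enforces is still in force, and that deployments wanting a content policy are pointed at a PAM password-quality module. The dropped "too simple" string may also leave a stale entry in the translation catalogs.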
@@ -94,27 +94,10 @@ - Then, the password is tested for complexity. As a general guideline, - passwords should consist of 6 to 8 characters including one or more - characters from each of the following sets: - - - - - lower case alphabetics - - - digits 0 thru 9 - - - punctuation marks - - - - - Care must be taken not to include the system default erase or kill - characters. passwd will reject any password which - is not suitably complex. + Then, the password is tested for complexity. + passwd will reject any password which is not + suitably complex. Care must be taken not to include the system + default erase or kill characters. @@ -139,6 +122,17 @@ used as guesses to violate system security. + + As a general guideline, passwords should be long and random. It's + fine to use simple character sets, such as passwords consisting + only of lowercase letters, if that helps memorizing longer + passwords. For a password consisting only of lowercase English + letters randomly chosen, and a length of 32, there are 26^32 + (approximately 2^150) different possible combinations. Being an + exponential equation, it's apparent that the exponent (the length) + is more important than the base (the size of the character set). + + You can find advice on how to choose a strong password on http://en.wikipedia.org/wiki/Password_strength @@ -473,6 +467,9 @@ chpasswd8 , + + makepasswd1 + , passwd5 , @@ -488,5 +485,11 @@ usermod8 . + + + The following web page comically (yet correctly) compares the + strength of two different methods for choosing a password: + "https://xkcd.com/936/" +