This is a terrible idea. It's one thing to ask a person to remember which characters they replaced in a word. It's another thing entirely to ask them to remember three different ways they swapped characters. This is a recipe for having to brute-force your own password. It's also still not as secure as you might imagine. There's very little entropy added by swapping characters (even though I do it as well), because there are very few substitutions that people make. "Hacker News Hacker News Hacker News" is nearly as secure as your convoluted 3rd passphrase, but a lot easier to remember.
The repeat-three-times thing is probably not great advice, either. If this became popular, it would be trivial to add this to brute-forcing code, and it doesn't add as much entropy as adding just one extra character.
I don't think the XKCD suggestion is actually good, either. Open a book and pick a medium-length sentence. There's your passphrase: an n-gram chosen arbitrarily from the corpus of (probably) English literature containing mixed-case and punctuation. You've got a ton of entropy there.
Sorry, should have linked back to that myself. Still, 41 bits, while less than the 44 bits from the XKCD algorithm, is a lot more entropy than most passwords have.
This is a terrible idea. It's one thing to ask a person to remember which characters they replaced in a word. It's another thing entirely to ask them to remember three different ways they swapped characters. This is a recipe for having to brute-force your own password. It's also still not as secure as you might imagine. There's very little entropy added by swapping characters (even though I do it as well), because there are very few substitutions that people make. "Hacker News Hacker News Hacker News" is nearly as secure as your convoluted 3rd passphrase, but a lot easier to remember.
The repeat-three-times thing is probably not great advice, either. If this became popular, it would be trivial to add this to brute-forcing code, and it doesn't add as much entropy as adding just one extra character.
I don't think the XKCD suggestion is actually good, either. Open a book and pick a medium-length sentence. There's your passphrase: an n-gram chosen arbitrarily from the corpus of (probably) English literature containing mixed-case and punctuation. You've got a ton of entropy there.