[pieter_mj]

How much does the recipe of strict requirements limit entropy of the password or enhance its predictability (both are somewhat related)?

More of a problem is password reuse for multiple sites, which is impossible when using SSH keys.

[fragmede]

Not to admit to poor security practices in public, but I don't generate different ssh keypairs for every server I log in to. If each keypair represents one password, and we're never supposed to reuse a password, I'm in trouble.