Originally Posted by
exwannabe
I agree with your math.
But that is not the only issue. Unless you are using a password store of some sort, then you have a trade off of recall ability vs strength, and special characters help on this.
The only way most humans can remember a long string of letters is if they have meaning. And that puts a dictionary in play.
Special characters make it harder to recall though, at least in my experience. I also believe the xkcd comic takes into account the decreased strength of dictionary passwords in their entropy calculations, the basic math I outlined was just used for simplicity's sake.
I think the point made by xkcd remains true that increasing the length will have a much greater impact on password security than increasing the character set.