This comic can be a bit misleading if people don't understand the reasoning behind it.
The initial password "Tr0ub4dor&3" only has 28 bits of entropy if the attacker knows all the things pointed out in the first panel - you are using a base word, with common substitutions, followed by a single punctuation and a single number, etc. If the attacker doesn't know that and is just trying to bruteforce your password, then it actually has 95
11 combinations which is 72 bits of entropy and astronomically more secure than 28 bits.
If the attacker tries a dictionary attack on the second password, then it has an entropy in the range of 170,000
4, which is 69.5 bits, so would be marginally less secure than the first password.
If you use a truly random password or passphrase, preferably one generated for you in a secure method and not one you pick yourself, then you can end up with far greater security. 15 random characters has an entropy of 98 bits, which even if someone can try 1 quadrillion possibilities a second, is going to take over 14 million years to crack.
