diff --git a/tiddlers/content/labs/03/_Labs_03_Password complexity calculations.md b/tiddlers/content/labs/03/_Labs_03_Password complexity calculations.md
index 2ad594a..fd485bb 100644
--- a/tiddlers/content/labs/03/_Labs_03_Password complexity calculations.md
+++ b/tiddlers/content/labs/03/_Labs_03_Password complexity calculations.md
@@ -56,6 +56,8 @@
4. What if you limited the alphabet to lowercase letters only, but extended the length to 18 characters?
- 5. Of course, the effective entropy depends on the attack scheme used (as well as the popularity of certain passwords). What if you used the "correct horse battery staple" scheme from the xkcd cartoon? Assume a dictionary of 2000 words, and a dictionary-based attack rather than character-wise brute-force.
+ 5. Of course, when people are able to choose their own passwords, certain permutations of characters are (far!) more likely than others. Discuss how this would affect the entropy, and how an attacker might use the popularity of certain passwords to their advantage.
- 6. Critique the proposed xkcd password scheme. Is it sufficiently secure in terms of the number of permutations? What are the main points the author was trying to make?
\ No newline at end of file
+ 6. Of course, the effective entropy also depends on the attack scheme used. What if you used the "correct horse battery staple" scheme from the xkcd cartoon? Assume a dictionary of 2000 words, and a dictionary-based attack rather than character-wise brute-force.
+
+ 7. Critique the proposed xkcd password scheme. Is it sufficiently secure in terms of the number of permutations? What are the main points the author was trying to make?
\ No newline at end of file