The random password generated produces a nine-character string of three lowercase letters, three digits, and three more lowercase letters. This is a total of 308,915,776,000 possible strings, which would be rather hard to guess.

Password requirements often include a need for upper and lower case letters, numbers, and symbols. While this will increase the number of possibilities in a given password string, it makes it difficult to convey the password to others verbally.

A password of “abc123xyz” is much easier to convey that “2xYm4($2y”. While the latter string is one of 51,998,697,814,228,992 possible nine-character strings or 168,326 times more possibilities, in reality the additional randomness offers little security gain while radically reducing the ability to convey or remember the password.

Often the concern is what is known as a dictionary attack, where a list of common password are useds, such as “Password1” or “HiMom”. A password that uses random letters and numbers eliminates the dictionary reference.

To break a password there has to be a mechanism to know if the test is successful. Often it is suggested that with increased computing power the number of tests per second can be increased to the point that breaking a password becomes possible in a short amount of time. However, this is only applicable where the password test can be done on another computer system besides the target. For example and encrypted file can be copied to millions of servers, and each could then test part of the range of passwords. This does not work when someone is attempting to break into your back account.