I suppose I can understand the need for the stronger passwords, but I hate having it foisted on me. In particularly I despise the mixing of letters and numbers. It reminds me of the hated 733t53@k! I can type a massively long passphrase that is just as strong as a mixed number and letter password, but noooo... for some reason people have to tell me how my own passwords have to be structured. Annoyance galore.
Disclaimer: I'm
not trying to tell you how you must structure your passwords. Just explain how it works.
A long string of random letters will not be as strong as an equally strong mix of letters, numbers, and special characters.
Consider trying to crack a passcode of two characters, of which only 0s and 1s may be used. Possible combinations will be 2
2 (or 4 total combinations) and they are:
00
01
10
11
Making the password three characters long will give us 2
3 combinations, or 8 total, which are:
000
001
010
011
100
101
110
111
Now if we were to try the same with 0-9... well, even just two character long passwords would have 10
2 combinations, or 100- I won't list them all here (It would be 00 - 99 ;) ). That's 25 times as many combinations as before. Likewise, making a password 3 characters long would be 10
3, or 1,000 different possible combinations (000-999), which is
125 times more difficult. Note that while adding a third character to the password in the first case only doubled the amount of possibilities (from 4 to 8 ), when you're using a base set of 10 different characters, going from 2 to 3 multiplies it by the base number of characters- 10.
Adding a single number, or better yet, adding a single number and a special character (such as @,$, or #) will change the number of possible combinations a password cracker has to try to guess a password correctly from millions to quintillions or even more. In other words, instead of taking a couple hours to crack a password, it takes weeks or even months.
In the end, using a mix of lower and upper base characters is far more simpler than using lower and upper case letters with numbers and special characters. Adding just numbers isn't as strong as adding just upper case letters, sure, but it still makes it significantly more difficult for a cracker to guess the password.