How password crackers work

Here is a short primer on how passwords are cracked. Crackers steal a copy of the password file from a machine; that file contains the encrypted value of your password. They then run a crack program on their home computer (usually something like a Pentium) against a dictionary, and employ some knowledge of human behavior to create candidate passwords, until they find a match between the encrypted value they generate and the encrypted value in the password file. They don't sit at their keyboard and repeatedly try to log in to your account by guessing your password.

If you only think about passwords as strict permutations of characters, you won't understand how to create a good one. Everyone recognizes that the permutation "he3ll9o" is as likely to be guessed at random as the permutation "hello39". However, crackers don't go about this randomly, because they only have so much computing power, so they make some decisions about what they will try. Since many people put leading or trailing digits on dictionary words, that's what crack programs try. In the above case they would try the combinations hello1, hello2, hello3, etc., then hello11, hello12, hello13, etc., until they got to hello39 and got a match. The reason he3ll9o is more secure is that they don't have enough computer power to try all the combinations that include embedded digits (or special characters).

Similarly, a common technique people use to create passwords is to substitute a digit for a vowel (h3ll4, for example). Since crackers know that people do this, this is one of the rules they use to try to crack passwords.
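The generate-and-compare loop described above, as an added example (not code from the original page): it encodes the two rules the text names, leading or trailing digits and digit-for-vowel substitution, over a constructed four-word dictionary, and turns them into a defender-side check of whether a proposed password lies inside that cheap guess space. It goes slightly beyond the text's walk by interleaving the leading and trailing digit forms and by combining substitution with trailing digits. The vowel table, the salt, the dictionary, the 1 to 99 suffix range, and the use of salted SHA-256 in place of the password file's own encryption are all assumptions made for this example.

```python
"""Toy model of the rule-based guessing the primer describes, used as a
password-strength check: a password is 'within the rules' if the cheap
rules below would produce it from a dictionary word."""
import hashlib

# Constructed toy dictionary (assumption: a real wordlist has many thousands of words).
DICTIONARY = ["hello", "password", "secret", "dragon"]

# Assumed vowel-to-digit table; the text gives "h3ll4" as one instance of the idea
# but does not state the exact table a crack program uses.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0"})

MAX_SUFFIX = 99  # assumption: digits 1..99, covering the hello1 .. hello39 walk in the text


def candidates(word):
    """Yield the guesses the rules produce for one dictionary word."""
    yield word                                  # the bare word
    for n in range(1, MAX_SUFFIX + 1):          # trailing, then leading digits
        yield f"{word}{n}"
        yield f"{n}{word}"
    leet = word.translate(LEET)                 # digit substituted for each vowel
    if leet != word:
        yield leet
        for n in range(1, MAX_SUFFIX + 1):      # substitution combined with a suffix
            yield f"{leet}{n}"


def rule_guesses(dictionary=DICTIONARY):
    """All guesses for the whole dictionary, in the order they would be tried."""
    for word in dictionary:
        yield from candidates(word)


def hash_password(password, salt):
    """Stand-in for the password file's stored value (assumption: salted SHA-256;
    real systems use a dedicated, deliberately slow password hash)."""
    return hashlib.sha256(salt.encode() + password.encode()).hexdigest()


def guesses_until_match(stored_hash, salt, dictionary=DICTIONARY):
    """Offline comparison as the text describes: hash each candidate and compare it
    with the stored value. Returns (plaintext, guesses_tried), or (None, guesses_tried)
    when the rules never reach the password."""
    tried = 0
    for guess in rule_guesses(dictionary):
        tried += 1
        if hash_password(guess, salt) == stored_hash:
            return guess, tried
    return None, tried


def is_within_rules(password, dictionary=DICTIONARY):
    """Defender-side check: reject a password that the rules above would produce."""
    return any(password == guess for guess in rule_guesses(dictionary))


if __name__ == "__main__":
    salt = "x9"  # constructed
    for pw in ("hello39", "he3ll9o", "h3ll0"):
        found, n = guesses_until_match(hash_password(pw, salt), salt)
        outcome = f"reached after {n} guesses" if found else f"not reached in {n} guesses"
        print(f"{pw}: {outcome}")
```

With the assumptions above, "hello39" is reached after 78 guesses and "h3ll0" after 200, while "he3ll9o" is never produced by the rules, which is the text's point: the embedded digits place it outside the space the rules enumerate. A sign-up form can call `is_within_rules` (with a real wordlist) to refuse passwords that fall inside it.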