slightly off topic: For the likes of windows passwords back in the 2000/2003 server days, it looked to the lay person (me) that, only stored the first 8 characters were encrypted in the SAM (no idea what 2008/2012 does) The remaining characters were readable (with a tool like l0pht), so to use Bens example, it would show as
pre any bruteforce decryption. A human could probably figure out the missing words, or at least know not to bother with numbers, uppercase or symbols for the brute force crack.
Maybe using long alphanumeric + symbols passwords is the way forward again to make the delay too long for the brute force method to find the password i.e. before the important passwords get changed
Must investigate to prove this one way or another to myself!
Did you get access denied? Great the security works.