It's kind of a fun working out how many passwords that is.<p>So letters + numbers + 3 special characters. Our first and last positions can't be special characters, and we can't have the same letters concurrently, so we're in the ballpark of:<p>62^2 * 64^6 = 264,157,668,573,184 passwords<p>However, passwords <i>must</i> contain a letter, number, and special character. This means that we can eliminate the entire letters + numbers set, the numbers + specials set, and the letters + specials set:<p>(62^2 * 64^6) - (62 * 61^7) - (10^2 * 12^6) - (52^2 * 54^6) = 2,261,873,997,098 - Did I get that math right?<p>That's still a decently large space, but it's small enough to be attackable even if the passwords are hashed.