Most people aren’t going to “true” brute force your email or Twitter password. It’s simply not worth it. A true brute force is reserved for long strings of alphanumeric bullshit.

However, they *can* brute force your account using a dictionary or rainbow attack. A dictionary attack uses common known passwords or password parts that it recombines. Every dictionary attack starts with something like this.

* password

* Password

* Password!

* Password1

* P@ssword

* P@ssW0rd!!

Forcing your password to include numbers and symbols (and also to block common passwords) simply makes it harder to bruteforce with a dictionary attack.