The reason why you can’t use a password you originally had is because users would just continually use the same password. If the combination is always the same it makes it much easier to guess over time. It’s easier to hit a stationary target than a moving one.

If you were going to guess a card out of a standard 52 card deck, and you had unlimited time, you’d eventually get it. The chance you’ll get it right is lower if after three failures the ‘owner’ of the deck shuffles the card.

The chance of guessing it is even *lower* if you have to correctly guess the card *and* roll a dice. So a password with a good amount of uppercase letters, lowercase letters, special characters and numbers is like guessing two cards correctly, predicting a dice roll, and correctly guessing 5 coin tosses.