additional layers of transformation could also be included that use symmetries or other calculus-like transformations. consider the previous example... [1][2][3][4] ---> [2][4][1][3] now consider if within each subset additional characteristics could be modified, such that set 2 is mirrored by vertically by the letters that obey these principles... and set 1 has its letters in reverse... and sets 3 and 4 are rotated 180 degrees [pass]-[wo]-[r]-[ds] ---> [mo]-[sp]-[ssap]-[J] and that this could also be dynamic and change, for a given instantiation of the base password as it is mediated for login, as an ever-changing password with its own variability which could change daily given, say, a range of 30 such criteria that may or may not be accessible in various combinations then rulesets would be important, what if some letters can be transformed and others cannot, are substitutions chosen or are only some characters changed, or how to deal with a character with multiple options for superposition translation this kind of exponential potential for passwords in a context where the simple model is so simple to allow easy hacking, what if systems were designed to be significantly more difficult to access and that /time/ was leveraged to limit unauthorized access and to limit, via relativism, what can be seen in a given threshold or timeframe, to potentially make it impossible for automated attacks of logins via brute-force via zombie-nets, by making the odds more the opposite of what they are today, given access, enough time and dictionaries, versus limiting the exploitable window, limiting the time frame, and use of dictionaries via increased variability that is never static, and thus each login could tend more towards 1 in a million guess, by chance, and have that be the repeated situation encountered at login, versus allowing 10 million attempts to gain illegal access it just seems common sense that perhaps it is made to be broken and that without such introducing or allowing parameters of such increased difficulty, that perhaps it is the design of the ecosystem itself versus its merit in terms of 'actual security' versus what is allowable, thus making the password issue itself that of a false perspective, as if 8-12 alphanumerics w/special characters is maxing out possibilities when instead limiting the questions to those parameters may force another approach prematurely, which could be even worse, policy-wise 😺 😶 😈