This is something I've been doing on my spare time, and before anyone jumps to conclusion, the research I did was based solely on Whitehat morals. This basically means I try/use hacking software on test dummies for the sake of internet security. So, this is what I've come to conclusion. If you use any ENGLISH word(s), regardless if you have numbers in your password, you are very, very vulnerable. There are 3 main attacks a hacker will use. A dictionary attack, a hybrid attack, or a bruteforce attack. In runescape, or any other major online game/website, your biggest worries are dictionary attacks and hybrid attacks. A dictionary attack will try the most commonly used word(s) in a password, if not cracked, it will begin to try every word in a word list you supply. (This is where you are at an advantage and I will explain later.) Hybrid attacks are the same as dictionary attacks, except numbers are added. As a default, a loooot of these password cracking programs come with ENGLISH word lists that were copied from large dictionaries. What my idea is this, use words from other languages. Hell, mix up words from different languages. I've never seen anyone use word lists from more than a single ditionary...assuming the target is a Runescape account. If its anything more, than the hacker has bigger fish to fry... For example, my password contains two hawaiian words and one english word. This is just something I though I'd like to share with everyone. Promise I would like to add, do not use the same password for anything. So someone may not try to crack your password for runescape first, maybe your AIM account, and then use that password and try it with your runescape account.