There are commercial programs that do password cracking, sold primarily to police departments.
There are also hacker tools that do the same thing. The efficiency of password cracking depends on two largely independent things: power and efficiency. As computers have become faster, they're able to test more passwords per second; one program advertises eight million per second.
A good password cracker will test names and addresses from the address book, meaningful dates, and any other personal information it has. If it can, the guesser will index the target hard drive and create a dictionary that includes every printable string, including deleted files.
If you ever saved an e-mail with your password, or kept it in an obscure file somewhere, or if your program ever stored it in memory, this process will grab it.
Then it tested them each with about 100 common suffix appendages: "1," "4u," "69," "abc," "! It recovered about a quarter of all passwords with just these 100,000 combinations.
Crackers use different dictionaries: English words, names, foreign words, phonetic patterns and so on for roots; two digits, dates, single symbols and so on for appendages.
His goal is to turn that encrypted file into unencrypted passwords he can use to authenticate himself.
One cracking program I saw started with a dictionary of about 1,000 common passwords, things like "letmein," "temp," "123456," and so on.
And it will speed the process of recovering your password.
Last year, Ars Technica gave three experts a 16,000-entry encrypted password file, and asked them to break as many as possible.
The winner got 90% of them, the loser 62% -- in a few hours.
It's the same sort of thing we saw in 2012, 2007, and earlier.