That may not actually be such a bad password (on balance and in
context). Sure it is a dictionary/leet word variant, but five
characters actually carry plenty of entropy (if mixed case and numerics
are also used). However, if you have an authentication mechanism that
doesn't lock out an account and *allows* brute forcing, it doesn't
really matter how strong the password is; given enough
universe-lifetimes an attacker will always guess it eventually.