One way to have long, but memorable passwords is to construct them using the first letter of each word a rather long, but memorable quote/phrase. E.g., The opening of the Gettysburg Address yields: fsasyaofbfutcannciladttptamwce. And if you forget the exact words, you can always look them up.
It is probably just a concatenated string of his credit card number or social security number and random words. I wonder if they are currently trying to crack it using some kind of dictionary brute force mechanism, or if there is some kind of lock out enabled after five tries.
If they have physical access, then there is no effective lock-out mechanism. Presumably they can determine which encryption software is used, and can use the algorithm as many times as they want.