On the face of it, this sounds like a good password policy. But if we look closer, these restrictions in fact make any valid password much weaker. First, consider how many 3 digit prime numbers are there? There are only 899 3-digit numbers in all. And how many of those are prime? Certainly far less then 899. For the sake of argument, let's say that number is 400. Now given that there must be a 3 digit prime, we also know that 3 consecutive characters in your password must be numbers, and must be this prime. Given that most passwords are no more than 8 characters long, this leaves us only 5 additional characters to guess in most cases.