Dealing with Passphrase Problems
Due to the decentralized design of the blockchain, the user is the only one who received the secret passphrase during the creation of a new Ardor account with the default Ardor client. There is no way for anyone to restore or reset the passphrase, not even for the developers. So if the passphrase is lost, it is impossible to make transactions from the account.
Every combination of characters opens a different Ardor account. So if you mistakenly add an extra space at the end of your passphrase, or make a small typo, you will open a different Ardor account.
The default Ardor passphrase consists of 12 random English words out of a 1600+ words dictionary. This is impossible to crack by brute-forcing. Only if you think you made a small typo, or if you forgot for example 1 of the 12 words, it might be possible to find the correct passphrase by brute-forcing it. Some community members made tools for this, for example, Typo Finder (which needs the public key), and Ardor itself provides a basic password recovery tool Passphrase_Recovery.
If your passphrase and the account that has your ARDR don't match, you are either using the wrong password, or you sent your ARDR to the wrong account by mistake, thinking it was your account.
For example: You create the account, and passphrase A is shown on the screen. You enter it in the client the first time, but you, unfortunately, make a small typo, so you end up in account B. Every combination of chars opens a new (empty) account. You think passphrase A matches account B, so you send your tokens to account B. Now when you enter your passphrase for A without the typo, it doesn't work for account B. When you login with passphrase A, you end up in the real account A, which has 0 ARDR in it. You could try to find out what password B (with the typo) is, that gets you to account B with the ARDR in it, but you'll have to be lucky to find the typo.
The best way to prevent this is to always REALLY make sure you REALLY control your account that has the passphrase. Just send 1 small outgoing transaction from the account before you even put large amounts of funds in it. By the way, the client DOES strongly recommends you to do an outgoing transaction in order to publish your public key to the blockchain for new accounts.