Due to the decentralized design of the blockchain, the user is the only one who received the secret passphrase during creation of a new Nxt account with the default Nxt client. There is no way for anyone to restore or reset the passphrase, not even for the developers. So if the passphrase is lost, it is impossible to make transactions from the account.
Every combination of characters opens a different Nxt account. So if you mistakenly add an extra space at the end of your passphrase, or make a small typo, you will open a different Nxt account.
The default Nxt passphrase consists of 12 random English words out of a 1600+ words dictionary. This is impossible to crack by brute forcing. Only if you think you made a small typo, or if you forgot for example 1 of the 12 words, it might be possible to find the correct passphrase by brute forcing it. Some community members made tools for this, for example https://ardor.tools/typo/typo.html (which needs the public key) and NXT itself provides a basic password recovery tool https://nxtwiki.org/wiki/Passphrase_Recovery. You can also ask for help in nxtforum.org or the Nxt Slack chat.
If your passphrase and the account that has your NXT don't match, you are either using the wrong password, or you sent your NXT to the wrong account by mistake, thinking it was your account.
- You create the account, and passphrase A is shown on screen. You enter it in the client the first time, but you unfortunately make a small typo, so you end up in account B. Every combination of chars opens a new (empty) account.
- You think passphrase A matches account B, so you send your NXT to account B.
- Now when you enter your passphrase for A without the typo, it doesn't work for account B. When you login with passphrase A, you end up in the real account A, which has 0 NXT in it.
You could try to find out what password B (with the typo) is, that gets you to account B with the NXT in it, but you'll have to be lucky to find the typo.
The best way to prevent this, is to always REALLY make sure you REALLY control your account that has the passphrase. Just send 1 small outgoing transaction from the account before you even put large amounts of funds in it. By the way, the client DOES strongly recommend you to do an outgoing transaction in order to publish your public key to the blockchain for new accounts.