The password strength thing has two poles.
On one side the person who wrote the original password complexity and updating garb in the 70s admitted that he had not expected it to be picked up so widely, but also admitted he had caused so much insecurity in computing because... the majority of people start writing passwords down when they get too complicated to remember. Defeating the purpose.
On the other side however, in todays world of cloud castles which present perfect targets.... all your eggs in one big basket alone with everyone elses... databases get hacked. Entire user data tables get stolen. Thankfully 99% of them, these days, if it wasn't written by a 16yo in his bedroom will encrypt or at least hash passwords. Turns out however if you had that table of hashed passwords to a 3080 GPU running custom software it will have most of the 6 or less digit passwords brute forced in minutes. It's only when you get above 10 digits which include the full upper, lower, number, punctuation 70 odd characters... that it starts to take hours and hours and hours. I believe it takes several weeks to crack the 12 digit complex passwords if it can. They don't just use rotating guesses either. It is pre-trained and has massive pre-canned "seed" passwords like "password", "passwd", "petsname", It scans with those, then modify them slowly, combine them etc. etc. The software just generates milliions of passwords a second and compares the hashs to all the passwords in the DB. They even have the most popular few thousand passwords pre-hashed. Heck there is a website out there that will give you the possible values for a hash. No shocker that short passwords like "password" tend to reverse quite easily once you filter out the random garbage.