Password hacking has been with us as long as we’ve had passwords, but methods have advanced over time. Most cases of password theft occur in one of two ways: phishing or credential database compromise. Phishing mostly occurs when an email message or website induces the reader to enter legitimate credentials into a faked logon prompt. The days of human attackers pretending to be Matthew Broderick in “WarGames” are long gone. Using a password that can’t be immediately guessed in the first few hundred guesses, you’re usually fairly well protected.”]
Source: https://www.csoonline.com/article/2608956/why-you-don-t-need-long–complex-passwords.html