Another problem that's easy to overlook until it isn't is entering your password in front of people - if you're selecting stuff on screen then that's a lot more likely to be seen than typing on the keyboard.
> If password is short, it's still gonna be quick to crack
Only if the cracker is brute-forcing instead of using common passwords mixed with dictionary words, and if the brute-forcer thought to implement emojis. Given how many emojis there are, it would by psychotic to include them in a brute-force attack unless you already know the person used emojis.
There are ~1800 widely supported emojis. That blows out the search space. There are 10^19 possible passwords for a 6 character alphanum+emoji, the same as a 10 character password using just alphanum + simple keyboard symbols.
But what's the actual distribution of usage of emoji? I'm guessing there is a small-ish set that people actually use, just like there is a small-ish set of words that people will pick from if you ask them to pick a passphrase containing "random" words.
Unless you pick the passphrase for them, you're not really gaining the advantage of the search space size.
Except people will probably stick to a few common ones and do a pattern. Love eyes x2 heart heart, thumbs up -- just like people don't pick words uniformly.