[Anonymous4C54D6]

This article is slightly inconsistent.

All those arguments for why a password's strength doesn't matter because the attackers gets the exact one have one important conclusion: Don't reuse your password.

And then there are a bunch of arguments that the strength mostly doesn't matter but the password shouldn't be too weak.

So we end up with having to remember lot's of non-trivial passwords and now the conclusion should be to use a password manager and certainly not that your password "mostly doesn't matter".

What sadly mostly still doesn't matter is MFA because it is a site-specific pain to set up and use.