I agree. But most sites that enforce a policy (8 chars, symbols, etc.) are bruted just as easily. We need to take a step away from passwords to secure against brute force in 2022.
Well, the GP's point is that it literally is not 'just as easy' because the space of possible passwords increases greatly with each character, such that 'dog' is much, much easier to bruteforce than 'doggie12'.
To be fair, I'd probably crack doggie12 sooner than dog, because who has ever seen a website with a password length requirement below 6? But technically, yep, you're 100% right.
The length of the password only somewhat matters for rainbow tables -- they're not limited to dog-sized passwords -- but also, I rarely come across implementations these days that do not use a salt of some kind, which defeats existing rainbow tables. Generating one-off tables is about as expensive as just cracking the hashes directly.
(Then again, the implementations I see are mostly from well-known projects or customers that care enough about security to hire us. It's biased, but I do think word has gotten round about hashing and salting.)
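An added example, not part of the thread, illustrating the point above about salts and precomputed tables. It assumes a plain hash-to-password lookup table as a stand-in for a rainbow table; the word list, user names and helper names are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny word list standing in for a table's coverage.
CANDIDATES = ["dog", "doggie12", "letmein", "hunter2"]
USERS = {"alice": "doggie12", "bob": "doggie12", "carol": "dog"}

def h(password: str, salt: bytes = b"") -> str:
    # Fast hash used only to keep the demo short; real storage should use a
    # slow KDF (bcrypt, scrypt, Argon2) together with the salt.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_table(candidates):
    """Precompute hash -> password once, reusable against every unsalted store."""
    return {h(pw): pw for pw in candidates}

def store_unsalted(users):
    return {name: (b"", h(pw)) for name, pw in users.items()}

def store_salted(users):
    records = {}
    for name, pw in users.items():
        salt = os.urandom(16)  # unique per record, stored next to the hash
        records[name] = (salt, h(pw, salt))
    return records

def table_hits(table, records):
    """Names whose stored hash appears in the precomputed table."""
    return sorted(n for n, (_, digest) in records.items() if digest in table)

def verify(records, name, password):
    """Normal login check: recompute with the stored salt, compare in constant time."""
    salt, digest = records[name]
    return hmac.compare_digest(digest, h(password, salt))

def hashes_needed(records, candidates):
    """Hash evaluations to try every candidate against every record:
    one pass per distinct salt, so an unsalted store costs a single pass."""
    return len(candidates) * len({salt for salt, _ in records.values()})

if __name__ == "__main__":
    table = build_table(CANDIDATES)
    for label, recs in (("unsalted", store_unsalted(USERS)),
                        ("salted", store_salted(USERS))):
        print(label, table_hits(table, recs), hashes_needed(recs, CANDIDATES))
```

With per-record salts the precomputed table matches nothing, identical passwords no longer share a hash, and the guessing work scales with the number of records instead of being paid once.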