by pclark 5179 days ago
I feel like this is a stupid question, but what is wrong with having your password be something like "p4ssw0rd"? E.g., a dictionary word where a few of the letters are switched for numbers, and maybe even a symbol at the end ("p4ssw0rd$"). Are these terrible passwords for some reason?
3 comments

Password cracking tools will try variants of dictionary words with common substitutions like that. In this case, a/4, o/0, and s/$ would be swapped out in passwords, and your password would be guessed in a few minutes. John the Ripper is an interesting tool for messing around with this.

Password crackers will use a "dictionary" - a list of words.

Dictionary building software can create lists of words with those common substitutions. (swapping uppercase for lowercase, or subbing certain numbers for letters, etc.) They can also add numbers to the words.

Ideally, use a good diceware phrase to secure a password safe. Then use the strong password generation features of that password safe to create all the other passwords you need.

(You can write the diceware passphrase down if you need to while you're learning it. Just treat it like high value currency, and destroy it when you've learnt the phrase.)

Access control is a problem waiting for an easier solution.

The problem is that those substitutions are all fairly common, and so any good cracker will make those substitutions as part of its check. https://xkcd.com/936/ is a good reference point.
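
Added example, not written by anyone in the thread: a defender-side check that a signup or password-change form could run, which undoes the a/4, o/0, s/$ style substitutions and appended characters discussed above and reports the dictionary word a password reduces to. The `UNLEET` table, the sample wordlist, and the function names are assumptions made for this example, not John the Ripper's rule set.

```python
from itertools import product

# Constructed sample wordlist; a real check would load a full dictionary.
WORDLIST = frozenset({"password", "dragon", "monkey", "letmein"})

# Look-alike characters mapped back to the letters they may stand for.
# Assumption: illustrative table, not any cracking tool's actual rules.
UNLEET = {"4": "a", "@": "a", "0": "o", "3": "e", "1": "il",
          "!": "i", "$": "s", "5": "s", "7": "t"}

MAX_AMBIGUOUS = 12  # cap on two-way characters, bounds the search at 2**12


def _trailing_nonalpha(s):
    """Count the run of non-letters at the end of s (appended digits/symbols)."""
    n = 0
    while n < len(s) and not s[-1 - n].isalpha():
        n += 1
    return n


def base_word(password, wordlist=WORDLIST):
    """Return the dictionary word the password reduces to, or None."""
    pw = password.lower()
    for cut in range(_trailing_nonalpha(pw) + 1):
        core = pw[:len(pw) - cut]  # drop `cut` appended characters
        options = [UNLEET.get(ch, ch) for ch in core]
        if sum(len(o) > 1 for o in options) > MAX_AMBIGUOUS:
            continue  # too many readings to enumerate; skip this core
        for combo in product(*options):
            word = "".join(combo)
            if word in wordlist:
                return word
    return None


if __name__ == "__main__":
    for candidate in ["p4ssw0rd$", "L3tm31n!", "Dr4g0n2024",
                      "correct horse battery staple"]:
        print(f"{candidate!r:32} -> {base_word(candidate)}")
```

A password for which `base_word` returns a word adds little over the bare dictionary entry and can be rejected at creation time.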