by andyakb 4813 days ago
Nobody starts brute forcing at "mycat." Even if they somehow knew that's how it started, that barely helps them. They don't know how many other words there are, or what the next one is. Simply because it is more likely to be "my cat likes" does not mean it is now feasible to crack. Without social engineering, that password is not crackable for all practical purposes and is far from a terrible password.

No, but we're talking about brute forcing billions of attempts per second, and we're not up against randomness, we're up against "the best pseudorandomness the human brain can muster", so the odds aren't 1 / <number of possibilities>. A password is severely weakened if it isn't sufficiently random.
What WordPress site can accept billions of login attempts per second?