A lot of people I talk to, I end up talking about how people don't do anything that inconvienences them, even if it hurts them in the long run.
They don't take that to heart though, as I talk to them later about shitty passwords, and they tell me "oh, my password is X characters long I don't need to worry", which when I hear that, that immediately tells me they think that length matters more than guessability. A majority of people, a lot of my friends included, often use passwords that are predictable.
From here on out, I'll be addressing passwords like so: ?s means one special character, ?d means one digit, ?u means one uppercase letter, and ?l means one lowercase letter.
An example of this, is that they'll make passwords like so: ?u?l?l?l?l?l?d?d or something similar.
At first glance, this might seem okay, it's 8 chars long, "it'd take someone 30,891,577,600 total combinations to figure it out!".
NO
Why not? Because a majority of the time, entropy isn't in the equation. They often use a word, and then two digits.
[Spring][08] 171,476 words in the english dictionary, then add the two random digits and you get a MUCH smaller combination count. Which can take in some cases less than a couple hours to crack. See, not being able to guess the way a password is formulated is key to keeping bad actors from cracking it. Accept it.