Pasindu's blog

Your Password Is Not As Strong As You Think It Is.

When I was going through xkcd a few months back, I came across the following comic.

[xkcd comic: pw-strength]

That's when it hit me. The 8-character, hard-to-read passwords with lowercase and uppercase letters, numbers and symbols that I had been recommended are no stronger than my username itself. The dumber me had always believed that if a password was hard to read, the hackers would not be able to guess it. But the smarter me made sure that I neither reused my passwords nor tried out semantic versioning on them.

The reason most people use hard-to-read yet short passwords is probably that they believe the short ones are easy to remember while still being complex, with all the symbols, numbers and mixed-case letters. Yes, they are complex enough for humans, but for a machine (or a human who is smart enough to enjoy a movie by reading the .mp4 file in a text editor) they are just 1's and 0's, and the bad guys almost never guess passwords by hand. So, one should focus on making a password complex for a machine by increasing the password entropy.

Password Entropy

Password entropy is simply a measure of how hard a password is for a machine to find using a brute-force attack. The entropy is calculated as E = L * log2(R), where L is the password length and R is the size of the character pool. If the character pool is 80 (with 46 English characters, 10 numbers and special symbols), log2(80) = 6.32 bits per character, whereas log2(46) = 5.52 when both lowercase and uppercase letters are used and log2(26) = 4.7 when only lowercase English letters are used. Since E grows linearly with L but only logarithmically with R, it follows that a larger character pool has far less impact on the entropy than the length of the password.
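The formula above, worked through in Python as an added example (not code from the original post): `entropy_bits` derives R from the character classes present, using the exact printable-ASCII class sizes (26 + 26 + 10 + 32 = 94) rather than the post's round figure of 80, and `seconds_to_exhaust` assumes an illustrative offline cracking rate of 1e10 guesses per second. The two sample passwords are the ones from the xkcd comic.

```python
import math
import string

# Character classes and their pool sizes (printable ASCII counts).
CLASSES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation), 32),
}


def pool_size(password: str) -> int:
    """R: size of the smallest standard character pool covering the password."""
    if not password:
        raise ValueError("empty password")
    unknown = [c for c in password
               if not any(c in chars for chars, _ in CLASSES.values())]
    if unknown:
        raise ValueError(f"unsupported characters: {unknown!r}")
    return sum(size for chars, size in CLASSES.values()
               if any(c in chars for c in password))


def entropy_bits(password: str) -> float:
    """Brute-force entropy E = L * log2(R), as defined in the post."""
    return len(password) * math.log2(pool_size(password))


def seconds_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Time to try every one of the 2**bits candidates at the given rate.

    1e10 guesses/s is an assumed rate for illustration, not a measurement.
    """
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    # Short-and-complex versus long-and-lowercase (the comic's two examples).
    for pw in ["Tr0ub4dor&3", "correcthorsebatterystaple"]:
        e = entropy_bits(pw)
        years = seconds_to_exhaust(e) / (365 * 86400)
        print(f"{pw!r}: L={len(pw)} R={pool_size(pw)} E={e:.1f} bits "
              f"-> {years:.1e} years to exhaust at 1e10 guesses/s")
```

Note that E assumes every character was chosen uniformly at random from the pool; a dictionary word scores the same as random letters here, so treat the result as an upper bound on real strength.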

So, having a longer password, even one made only of lowercase letters, would be more secure (stronger) than the passwords you might currently be using. Sometimes the size does matter. Go forge 'em long with less BS.