Another important aspect is always making sure to have a unique (as in never used before by anyone) password for things. This isn’t just to mitigate you leaking your password and giving access to everything either.

Say a hacker sniffs your packet as you connect to a secure wifi network. They now have an encrypted copy of the wifi password.

They can’t actually use this to connect, and as you said brute forcing it or using dictionary perm attacks to get the plaintext would (hopefully) take ages. However there are lists available from previous major hacks that include all the user plaintext passwords.

Even if you have an amazing password like ‘13crazypinkcows!’ if you used it to sign up for Neopets or whatever a decade ago then it might have made it’s way onto those lists. Poor passwords that other people might have already used and gotten onto the lists are also a problem. Searching the list only takes like 10min and removes any real design work the hacker needs to crack it. Then they’ll have access to the network and can do other things to trick traffic into getting routed through their computer etc.

A good bare minimum approach to avoiding this problem is to tack qualifiers onto your passwords. E.g. <password>reddit2023, though much more secure is to use a password manager whenever possible so that public sites only ever deal with truly random garbled strings.