Why is 3 random words as a password better than a load of random characters?

75 Answers

Anonymous

I think the one thing that people aren’t mentioning, which helps explain why this is a better method, is that when a password gets turned into a hash, at least with modern hashes, that hash is always the same length no matter what the password is. So if I have the password dog and I have the password supercalifragilisticexpialidocious, those hashes will be the same length. Changing just one letter of the password (say to dod) completely changes the hash as well. This means that the hacker can’t tell from looking at the hash how long the password is or if 2 passwords have similar characters. So say they have cracked the password hunter2: they can’t tell just by looking at it that yours is hunter3, as the hash will be completely different. The only time they would be able to tell is if you had the exact same password as someone else.

This means that hackers have to try every character combination, as they can’t just tell what strategy you have used, and so having a longer password, even if it is all characters, means that there are more guesses that would have to be done. Now this does go down a bit if they start doing dictionary attacks, but it is still a very large number.

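The properties described in the answer above (fixed digest length, one changed character changing the whole hash, identical passwords giving identical hashes, and the size of the guess space with and without a dictionary), as an added Python example that is not part of the original answer. It assumes unsalted SHA-256 as the "modern hash", a 7776-word list (the Diceware list size) and a constructed three-word phrase; the function names are hypothetical.

```python
import hashlib
import math

def digest(password: str) -> bytes:
    """Unsalted SHA-256 (an assumption; used only to show hash properties)."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def bits_changed(p1: str, p2: str) -> int:
    """Count the bits that differ between the digests of two passwords."""
    return sum(bin(a ^ b).count("1") for a, b in zip(digest(p1), digest(p2)))

def search_space_bits(symbols: int, length: int) -> float:
    """log2 of the guesses needed to try every sequence of `length` symbols."""
    return length * math.log2(symbols)

# Constructed sample values, not taken from any real word list or breach.
WORDLIST_SIZE = 7776                    # assumed list size (Diceware uses 7776)
PHRASE = ["maple", "rocket", "window"]  # hypothetical three-word password

def phrase_report(words=PHRASE, wordlist_size=WORDLIST_SIZE) -> dict:
    """Compare letter-by-letter brute force with a word-by-word dictionary attack."""
    letters = sum(len(w) for w in words)
    return {
        "letters": letters,
        "char_bruteforce_bits": search_space_bits(26, letters),
        "dictionary_attack_bits": search_space_bits(wordlist_size, len(words)),
    }

if __name__ == "__main__":
    # Very different password lengths, same digest length.
    for pw in ("dog", "supercalifragilisticexpialidocious"):
        print(f"{pw:36} {len(digest(pw))} bytes  {digest(pw).hex()[:16]}...")
    # One changed character flips roughly half of the 256 output bits.
    for a, b in (("dog", "dod"), ("hunter2", "hunter3")):
        print(f"{a} vs {b}: {bits_changed(a, b)} of 256 bits differ")
    # Only an exact match produces the same digest.
    print("same password, same hash:", digest("hunter2") == digest("hunter2"))
    # Guess space for the phrase under the two attack strategies.
    r = phrase_report()
    print(f"{r['letters']} lowercase letters, brute force: "
          f"{r['char_bruteforce_bits']:.1f} bits")
    print(f"{len(PHRASE)} words from {WORDLIST_SIZE}, dictionary attack: "
          f"{r['dictionary_attack_bits']:.1f} bits")
```

Password stores that add a per-user salt and use a slow function such as bcrypt, scrypt or Argon2 do not produce identical digests for identical passwords, so that case applies to unsalted hashes like the one assumed here.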