Length.
If passwords were minimum… 25 characters with all the usual complexity rules and ALSO 5t0pp3d th3 r3gu!4r number/letter/common special character substitutions (because they’re common enough to be coded into whatevers trying to guess passwords), they’d be harder still but hard for humans to remember too.

For each character added, there’s a squaring of the number of checks needed.

E.g. assuming the “normal” UK keyboard has about 104 alphanumeric symbols and characters and all are allowed…

0ne – 104x104x104 = 1,124,864 possible passwords.
0ne! – 104x104x104x104 = 116,985,856.
0ne1! = 1.2166529^10 it starts getting hard to write the number but this is all still “easy” for a computer.

Correcthorsebatterystaple = 2.66583633^50. The computer still has to try every character combination possible so length, even for a simple passwords gets INCREDIBLY hard, very quickly.