Except nobody is out there guessing passwords. That’s a flawed basis and advice that was outdated a decade ago. They’re pulling them from site breaches and brute forcing dictionary attacks with bot nets. The best thing the average person can do now is a locked file to store their passwords. The password on that is a unique easily memorable thing and everything else can be gobbledygook because you have a reference. And yes unencrypted but locked files aren’t a big block to a hacker in your computer. But the average person isn’t facing that problem.

And if you’re not an average person then you should be using a physical 2fa device on the principle that even if it’s stolen, they would still need to gain physical access to the computer.

The one thing you shouldn’t do is use a 24 character hash on every site and leave it for a year because it’s “hard to guess”. It will get breached and decrypted well before then.