While length will certainly combat brute force attacks, a complex password will help against dictionary and other hybrid type attacks.
Using more character sets and not doing simple replacements (like leetspeek or common substitutions)
Ħ7P0 is stronger than h|p0 is stronger than Hypq0 is stronger than H1pp0 is a stronger than Hippo which is stronger than hippo
Common substitutions would be like @, , for A, !1|iIl for L etc. Avoid these wherever possible, but still use special characters.
Of course you still don’t want a 5 character long password, this is a simplified example.
You’re really best off with random strings that are long. Consider using a locally stored password manager for these.
