
I stopped reading at the "password length isn’t password strength" part. This goes against NIST guidelines and is opinion. Just follow NIST password guidelines, guys.


This is an explanation and reasoning. It’s designed to make people think about policies and scenarios, and not to blindly apply random suggestions.

What is against NIST guidelines?

The length argument works both ways: just as a purely lowercase alphabetic password, if long enough, is safe, a very short (in terms of code points) password with the full Unicode spectrum can be safe as well.



