
Patterns in passwords

Çağlar Arlı

I am posting to ask about two conflicting password recommendations. I know only bits and pieces about cryptography. Let me begin by checking a basic assumption: in a cracking attempt, a string is hashed and compared to the target, so that a wrong guess provides no information other than eliminating that particular string. Is this correct?

My questions relate to this recommendation on grc (2012):

[A]fter exhausting all of the standard password cracking lists, databases and dictionaries, the attacker has no option other than to either give up and move on to someone else, or start guessing every possible password. Once an exhaustive password search begins, the most important factor is password length! The password doesn't need to have “complex length”, because “simple length” is just as unknown to the attacker and must be searched for, just the same. “Simple length”, which is easily created by padding an easily memorized password with equally easy to remember (and enter) padding creates unbreakable passwords that are also easy to use.

On the other hand, according to this, the KeePass password meter

searches for patterns, like e.g. popular passwords (based on a built-in list of about 10000 most common passwords; variations by upper-/lower-case and L33t substitutions are detected), repeated sequences, numbers (consisting of multiple digits), constant difference sequences, etc.

and reduces the quality (entropy) score accordingly. This topic discusses fortuitous patterns in randomly-generated strings; the answer said that the chance of a weak password resulting is negligible. KeePassXC rates the examples given there as follows:

Password           Score  Rating  Comments
al#k2j$9gjKDm5%l   88     good
*g3RpasswordnG&4   53     weak
password%G@fDnBv   46     weak
Nf!hFm$xpassword   46     weak
d0G.............   19     poor    "simple padding" like grc recommended

  • Have things changed so much since the grc page was written in 2012?
  • Does the KeePass meter reflect common search strategies?
  • How widespread are things like rule-based attacks?
  • Or are patterns bad mainly because passwords with patterns are considered more likely to have been used and thus to appear in databases?
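An added example (not from the question, and not KeePass's own code) contrasting the "simple length" estimate with a pattern-aware estimate on the passwords from the table above. The common-password list, the l33t map and the per-pattern costs are constructed assumptions that stand in for the meter's real list and rules.

```python
import math
import re

# Constructed stand-in for the built-in list of ~10000 common passwords that the
# KeePass meter consults (assumption: a few entries suffice to show the effect).
COMMON = {"password", "123456", "qwerty", "letmein", "dog"}
COMMON_LIST_SIZE = 10000                  # size of the real list, per the question
LEET = str.maketrans("0134$@", "oleasa")  # a few l33t substitutions (constructed)

def bits_per_char(pw):
    """'Simple length' view: log2 of the alphabet the password draws from."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33))
    size = sum(n for pat, n in classes if re.search(pat, pw))
    return math.log2(size) if size else 0.0

def naive_bits(pw):
    """Every character assumed unpredictable: length * log2(alphabet)."""
    return len(pw) * bits_per_char(pw)

def pattern_bits(pw):
    """Pattern-aware estimate: a segment an attacker can generate from a short
    rule (list entry, repeated char, abc/123 sequence) costs only that rule."""
    per_char, bits, i, n = bits_per_char(pw), 0.0, 0, len(pw)
    while i < n:
        # 1. longest substring that is a common password, ignoring case and l33t
        hit = next((L for L in range(n - i, 2, -1)
                    if pw[i:i + L].lower().translate(LEET) in COMMON), 0)
        if hit:
            bits += math.log2(COMMON_LIST_SIZE) + 2  # list index + case/l33t variant
            i += hit
            continue
        # 2. run with constant difference -1, 0 or +1 ("....", "abc", "321")
        j = i + 1
        d = ord(pw[j]) - ord(pw[i]) if j < n else None
        if d is not None and abs(d) <= 1:
            while j < n and ord(pw[j]) - ord(pw[j - 1]) == d:
                j += 1
        if j - i >= 3:
            bits += per_char + math.log2(j - i) + math.log2(3)  # first char, length, step
            i = j
            continue
        bits += per_char  # 3. otherwise one genuinely unpredictable character
        i += 1
    return bits

for pw in ("al#k2j$9gjKDm5%l", "*g3RpasswordnG&4", "d0G............."):
    print(f"{pw}  simple-length {naive_bits(pw):6.1f} bits  pattern-aware {pattern_bits(pw):6.1f} bits")
```

The random string keeps its full length-based score, while the padded "d0G" example drops to roughly a quarter of it, which is the effect the KeePass rating in the table reflects.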