There are passwords.
There are rules to cut the risk of using weak passwords.
There are idiots, who do not understand the rationale behind rules. Still, they “improve” rules with their idiotic addenda to impose.
There are users, who complain about idiots and their rules. Unable to separate idiots contribution, they extend complaints to the whole matter.
There are charlatans, who would like to cash in on users who complain about idiots and their rules. They present myriads of various silver–bullet solutions to replace passwords. None of those password killers flies off, but they do cash in just fine.
This is all you have to know about the current state of password security. Would you like to know more?