How is password strength determined?
We use the WordPress default password strength library.
This analyzes patterns in the password, so it’s looking for more than if the password has symbols, capitalization, numbers etc.
For example, a password of “Passw0rd123!” is not a good password by modern standards. It uses a dictionary word, it uses common number letter replacements, it starts with a capital letter, it ends in a symbol, and it includes a whole number which is a common pattern of sequential digits.
There is a much longer and more detailed explanation here.
However, the short version is that passwords with sequential numbers, starting the password with a capital, or common dictionary words can cause the password to be read as weaker.