We use the WordPress default password strength library.
This analyzes patterns in the password, so it’s looking for more than if the password has symbols, capitalization, numbers etc.
For example, a password of “Passw0rd123!” is not a good password by modern standards. It uses a dictionary word, it uses common number letter replacements, it starts with a capital letter, it ends in a symbol, and it includes a whole number which is a common pattern of sequential digits.
There is a much longer and more detailed explanation here.
However, the short version is that passwords with sequential numbers, starting the password with a capital, or common dictionary words can cause the password to be read as weaker.