IT companies like Microsoft? You've just described the exact password policy that the largest software company in the world uses to enforce a "strong password", under the guise of best practices. I don't know why you blame the end user, when the manufacturer is the one perpetuating this system through documentation, training certifications, and the operating system itself.
But all that aside, those passwords are plenty good enough. Any system that allows an attacker to brute force passwords, especially online, has a design problem. It would take an idiot to build a system that allows 1000 password guesses per second without a timeout. Guess wrong 5 times, and you get locked out for 10 minutes, and a warning email is sent. Suddenly you've increased the brute force time to thousands of years, and the target is aware. This is basic stuff, and just about any dictionary word is safe.
Ever-increasing complexity is an unnecessary solution. Password breaches are not being done through brute force; there's no real reason to make brute force harder.
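
Added example, not part of the comment above: a per-account lockout implementing the policy it describes (5 wrong guesses, a 10-minute lockout, one warning notification), plus the worst-case online search time that rate implies for a given keyspace. The names `LoginThrottle`, `check_password`, `notify` and `years_to_exhaust` are hypothetical.

```python
import time

MAX_FAILURES = 5             # from the comment: "Guess wrong 5 times"
LOCKOUT_SECONDS = 10 * 60    # from the comment: "locked out for 10 minutes"


class LoginThrottle:
    """After MAX_FAILURES consecutive bad guesses on an account, reject every
    attempt for LOCKOUT_SECONDS and notify the account owner once."""

    def __init__(self, check_password, notify, clock=time.monotonic):
        self.check_password = check_password  # hypothetical: (user, pw) -> bool
        self.notify = notify                  # hypothetical: stands in for the warning email
        self.clock = clock                    # injectable so the policy can be tested
        self.failures = {}                    # user -> consecutive failed attempts
        self.locked_until = {}                # user -> time at which the lockout ends

    def attempt(self, user, password):
        now = self.clock()
        if now < self.locked_until.get(user, 0.0):
            # During a lockout the password is never evaluated, so even the
            # correct one is rejected and guesses yield no information.
            return "locked"
        if self.check_password(user, password):
            self.failures.pop(user, None)
            return "ok"
        count = self.failures.get(user, 0) + 1
        if count >= MAX_FAILURES:
            self.failures.pop(user, None)
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.notify(user)
            return "locked"
        self.failures[user] = count
        return "denied"


def years_to_exhaust(keyspace):
    """Worst-case time to try every candidate against one account when only
    MAX_FAILURES guesses are evaluated per LOCKOUT_SECONDS."""
    windows = keyspace / MAX_FAILURES
    return windows * LOCKOUT_SECONDS / (365 * 24 * 3600)
```

The lockout is keyed per account, so it bounds guesses against one user only; `years_to_exhaust` takes whatever keyspace size you want to evaluate.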