the majority of respondents understanding that passwords should contain uppercase and lowercase letters, numbers and symbols
Yup. A password under 8-12 characters in length, consisting of a simple dictionary word (with simple digit substitution of a = 4, e = 3, i = !, random capitalization, etc) can be solved by a GPU in less than a second or two. Combine several non-related words together and you might have a fighting chance. Don't even get me started about how many friends and relatives don't use 2-factor auth.