Nowadays, most people use password managers (hopefully). However, there are still some passwords that you need to memorize, like master password (for a password manager), phone lock, wifi password, etc.
Security wise, can passphrase reach the strength of a good password without getting so long that it defeats the purpose of even using it?
Brute force is only a thing when either they have the password hash, or the login portal is susceptible to brute force (ie shite). Both cases are rare.