Yes in your specific scenario, you are righr. But if you even the playing field, apples to apples. If you have 4 words of each 4 letters plus random char at the ebd, lets say equating to 20 characters in total, a random 20 character password is better. Words/phrases are now commonly added to bruteforce attacks unlike before. Use an good password plus a 2fa that isnt sms or email for best protection, or dump passwords if you can for hardware keys.