I think they've messed up there security analysis tbh.
The reason "HORSE" is less secure than "HOR5E" is because you can complete the rest of the word from the starting few letters, because the words architecture is set by the English language layout.
ie,
5 letter word starting in HOR
I bet most people would guess "HORSE" pretty quickly.
So they claim CorrectHorseStapleBattery is 44 bits of entropy, but it isn't, because our language has fixed rules as to what letters follow which other ones.
Anyway, that's really beside the point, as password security is not linear imo.
Once you move away from a simple password "1234" or your mums names or whatever, the practical level of security means the following:
1) You are more likely to get "hacked" by some backdoor (key logger etc) or software flaw. ie, the hackers won't "Crack" your password they'll crack the system for entering & validating that password, over which you have no control.
2) If someone really wants it (your password), they'll just hold a gun to your head and ask for it.
3) It's not like in the films where you can brute force a password any longer. Pretty much all systems will not allow repeated and rapid password entries without flagging an attack attempt, so even say 100 possible combinations of password are pretty secure in reality
4) Writing passwords down on a piece of paper kept in your home is actually, imo, pretty secure. To get that list requires physical interaction, ie the attacker must be in your home, that immediately rules out 99.9999% of all attack vectors, and once they are in your home, then see point 2) above....
5) The most likely attacker on a singlular basis is going to be someone you know, someone who can watch you enter your password, steal your bank card etc. They are also therefore easiest to trace and catch.