I'm aware of what constitutes a decent password, but typing in 15-30 random characters each time I lock my computer screen is starting to get a bit taxing. How secure does my user password really need to be and what are the threats to it? Does the same apply to a root-enabled user as a "regular" user when it comes to password security? For context, my threat model doesn't need to account for real people breaking in and accessing my computer, the damage would be very contained. Bonus question - what are the risks of having a weak password on a root user on a spare laptop on the same network as my main device that is used exclusively for web browsing? Thanks.

I was watching Eric Murphy's video on "Privacy faigue" and it certainly provided some food for thought. (https://www.youtube.com/watch?v=Ab6ryHD_ahQ) I like how he conceptualizes privacy as multilevelled, with no one-size-fits-all solution, which should be tailored based on the individual's threat model. So, with that in mind: what would y'all consider your threat model? As far as I'm concerned I suppose my main goal is to avoid advertisements, particularly targeted advertisement. Additionally I would obviously like to avoid getting hacked, but I know I'm not being targeted particularly (and wouldn't be a worthwhile target anyway). Curious to see if I have any obvious blindspots that could be remedied based on everyone else's answers.