Secure internet passwords - at one point does it not matter any more?

Assuming a person is not a total idiot – using a password like “password” or “user12345” or “abcdefg” – I wonder how much it sense it makes to create these ever more complicated password combinations.

For example, my bank says – at least one upper case, at least one punctuation mark, at least one number .. so 32!!busRide would be OK. Other sites required things like BigRedRidingHood28B__ (again, combinations of punctuation and upper and lower case)

But I’m operating under the assumption that machines are doing most of the cracking of passwords. And a machine doesn’t particularly care about lower/upper/numeric characters – to a machine, those are all just ASCII characters (one of 128) and have no inherent meaning. If the algorithm is checking combinations, then one ASCII character is as meaningless as another.

So does it make any sense to do the hard-to-remember combinations noted above? Why not do something like A3333333333! ?

Is this another example of “security theater” where we think we are more secure but we really aren’t?