It may look complex and unpredictable but is it really?
A key idea in security is that of unpredictability. If I can’t guess your password then it ought to be secure. This is almost true, except the problem isn’t about whether I (as a human) can guess your password but whether a computer can iterate through all possible passwords and find your particular password within a sufficiently short timeframe. There is a mistaken assumption that if your password is hard for a human to guess then it is a good password to use. I heard an anecdote that went something like “My password is ‘JohnSmith’. No one will guess that because my name is Bill Jones.” This line of thinking is based on whether someone you know is likely to guess your password.