On dear.
It's really easy to come up with a strong password, though. I mean, I can do it. As a sysop without tech savviness, I advise this method: think of a quotation of twenty words or so that you like and know well, but that isn't generally known or quoted. Take the first letter of each word. There's your password. You can remember it, but it would take decades or centuries to bruteforce it. Personally I like verse quotations, because to me they're easier to remember with precision. Bishonen | talk 21:16, 4 May 2019 (UTC).
A little understanding is a dangerous thing. What have we learned from just this snippet?
-her password probably never changes
-it is all letters, all the same case, probably lower
-it has to follow certain semi-predictable letter orders patterns (probably starts with A or I for example)
All of these little pieces of knowledge wil markedly reduce the time estimate of how long it would take to brute force it. For the sheer pleasure of compromising her Wikipedia Admin account and seeing ArbCom insist she install 2FA (and so force her to resign because she won't), hiring the necessary computer time to at least try half the possible combinations, has got to be worth it, surely?
If you don't fancy that, then there's also the option of seeing if she's ever referred to any verses or passages in Wikipedia, and trying those. A fun thing to do on a lazy afternoon, giving the same rush as a slot machine without the crippling debts.
The best part of course is learning that she probably uses this technique for her bank account. Obviously you can't brute force a bank account, but it does rather help to know what you're looking for, and that your target is someone who is so unaware of what makes a password secure (in her case it really is only the claimed length that is making a bruteforce attack prohibitive), you would have to assume she is vulnerable to all the other ways you could try to gain access to her money.
It is hilarious that the only thing preventing her from using 2FA, is not being smart enough to realise how worried she should be that she really doesn't know all that much about computer security.