Re: Something's not right here
There's a guide to password strength that suggests 10 characters, alphanumeric only, will take 7 months to brute force at most.
12 character including alphanumeric and special, is 34,000 years.
Pass Phrases are best as they are easier to remember and, more importantly, LONG. Remembering the pass phrase (or three + random words, miss-spelt and added substitutions as I've been recommending to friends) being important as you're not tempted to Write the damn thing down or use a password locker - which is about as secure as writing the damn thing down in a note book (Seems secure until someone finds it, at which point they have it and you might not).
That this case seems to be a 10 character limit and cracked the same day: That suggests there's something else happening, such as man-in-the-middle, or a compromised machine, or they've got access to a password store. Then they can just get the password from there instead. Or they're using a shorter list of known passwords, or there's a pattern to the password making 'guessing' it that much easier.
Indeed, most hackers won't bother with true brute force: Those can be easily detected (remember that old 'get it wrong x times and you have to wait an hour. Or two?). Rather, they'd like you to believe they are brute forcing, while they sit there and get your new password from your machine, or password store.
This, of course, is why 2fa or MFA is so important these days.