in a brute force attack there is no difference between a user defined password that is 15 characters and contains each of the types, avoiding poor choices and obvious associations, and a generated password of 15 characters with all the same types. AI will spend roughly the same amount of time to crack both given nothing to prevent it retrying infinitely.
if the autogenerated password is 15 characters and yours is 16, both using all of the types, yours is safer because it is longer thus requiring far longer for the AI to calculate through the encryption.
the person who originally coined the “use these different types of characters to make a safer password” is on the record a while back apologising for getting it wrong. He gave the advice in a time where the only threat to your account was another person, and usually someone who knew you. nowadays hacks without social-phishing are AI driven and the AI won’t distinguish between whether or not you used all the special types. it will iterate according to its programming through all the types the password field accepts, starting from the simplest and easiest to more complex patterns.
my point is simple, do not record your password anywhere because it is easier to steal passwords recorded in a place than to crack the password directly where it needs to be used and always use the maximum characters allotted to you. Update frequently so that any attempts are time wasted and a hack must start from the beginning, monthly at the latest is often recommended.
people need to be able to remember their passwords, generated passwords miss this factor entirely. you don’t need a perfectly unique password for every place and service you visit, because after you make enough you fall into a predictable pattern that can be used against you to figure out your password habits across accounts. you just need to determine a few “levels” of security for where each account belongs and use a secure memorable password for those in the same level, frequently changing it so its always secure. Your main email where everything is backed up to must be unique and the most secure, changed the most frequently. your games and hobby accounts that have no impact on your life if hacked can be less secure and share a password without issue, but never use a game/hobby password shared with your social/financial accounts etc.
I have had countless accounts needing passwords and its not feasible to rely on a generated password for every single one or making custom unique passwords and remembering them. you end up relying on a service that stores them for you (effectively giving that service access to your accounts) and once that service gets hacked, so have all of your accounts, which you will find impossible to then go through every last one and change to new passwords without relying on yet another service to hold them for you.
I have no more than 10 unique passwords at any one time, with 3 of them being unique to a particular service. these are not recorded and so can’t be stolen unless the site my account is on gets compromised, then I just change all the accounts in that password group to a new password. groups like my old gaming accounts had more than 1 group and the games in each group occasionally rotated based on which I used most or least. I also used multiple email addresses keeping my most important account free from less important stuff.