you would think a steemit password would be hard, since it is a mile long, but my Norton Security classified the strength only as medium.
But this here is something else: people giving their password up foolishly to bogus sites, which reminds me of all the hacked WhatsApp accounts, the latest scam: people "upgrading" to WhatsApp Gold. Barnum was right. There is a sucker born every minute.
https://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-gold-plus-scam-malware-download-get-message-a7045606.html
Like Facebook: people open links on messages that say nothing more than "lmao, this is funny, check it out" .... and then they are surprised that their accounts get hacked and they themselves are spreading the same shit.

BTW: I run Steemit ONLY on my computer, not on my phone. I would not trust my phone with anything like that which I consider sensitive, such as my banking or my website host account. I run scans on my computer every second day, and usually wind up with 0 treads found. Ages ago some stuff wound up in quarantine after I opened a (probably hacked) artist friends website.