
Use multi-factor authentication and strong, unique passwords for everything and you'll never have to worry about this.



Wish it was so easy. Some websites have decided they like lower security, especially, for some reason, my banks. Banc Sabadell in Spain, for example, only does 2FA via SMS (famously insecure), and your password is limited to 6 numbers and accepts nothing else.


How exactly is that supposed to prevent your data from getting stolen in a database leak?


This thread isn't about data in general, only passwords. So first of all, a strong password is much harder to crack in the instance that it's stored in a hashed form in the database. In the instance it's stored (unforgivably) in cleartext, it cannot be used, because an additional factor is required to authenticate. That is how exactly.


HIBP tracks full data breaches, not just password leaks. Screenshot from the article: https://www.troyhunt.com/content/images/2025/05/image-19.png

If your physical address gets leaked, having a unique random password doesn't help with that. It's still a good idea though.



