The paranoid might slightly alter their actual password before testing...who knows if that site keeps all data entered; maybe even use a vpn to access the site to anonymize yourself. In any event, enter some random samples and you'll get an idea of how secure a typical password might be.
An interesting article I ran across is this on password tips ...from a "penetration tester". Good insights in here.
Some new browsers have a feature to "suggest" a password of similar complexity as these sites provide. I am old school and prefer to go to these sites as I have for years.
Also, some people use password managers (there is a thread here about them). Again I am old school and maintain a log in a large Excel workbook file...allows me to paste snapshots of information on the site, etc. can be useful. The Excel file is encrypted with the latest Microsoft functions (which are quite robust now; pre-Excel 2013 it was not very secure). And the drive the file is on is itself fully encrypted. :- )
Two factor authentication on log-in is very strong (typically) as well.
My opinion is that a hardware key is best versus the authentication codes sent by email or text, or even with authentication code generator software (the hardware key is more secure than the email or text, and is more convenient than all of those code options).
I use Yubi key(s) for all my important sites that provide for them...investments, banking, etc (even Twitter and Facebook have option for hardware keys).