And probably always will, because they don’t test for the right things (they basically look for complexity as a human would perceive it, not an attacker).

As always with these things, you shouldn’t be using a password, anyway: you should be using a mnemonic passphrase (i.e. a sentence, or part thereof) with components you can change depending on the site it’s used on.