Many users choose short and simple passwords. Easy to remember makes them easy to crack only by guessing them.
The strength of a password increases with its length. Adding just a few more characters to a password can increase the time to crack it by years.
A way to generate strong password is to string together some meaningful words (combine some words) into a password phrase. Adding some complexity by adding some special characters and numbers. A strong password should contain all of these elements (uppercase letters, numbers, lowercase letters, symbols like !, @, #, $).
An online dictionary attack There are some programs trying to login on a website using a dictionary file containing a list of common passwords (leaked passwords from another websites, a vocabulary list with words in different languages). The website can prevent that by limiting the amount of login attempts or by using a CAPTCHA on the login form.
Cryptography is used to make the passwords harder to crack. Before storing a password it must be encrypted. It can be decrypted only by those who have the key.
An offline dictionary attack occurs when a program is used to decrypt an encrypted password. This way the hacker can decrypt it in the comfort of his hideout.
A website can protect its password by encrypting the stored passwords, limiting the unsuccessful login attempts and require users to change passwords often.