certain people are getting terminology wrong

"12-24 library words" are a seed key

a passphrase is a password to the wallet file.. or a legacy brainwallet
a brainwallet simply takes a word and sha256 hashes it, where the word hashed becomes a single key for a legacy private key

(108 keys = 26 lowercase alphabet 26uppercase alphabet 10 numeric 46 symbol (standard basic keyboard output))
anyway lets deal with the entropy of a passphrase password.. for beginners

so if your passphrase was just "war" someone can brute it in
under:
108                   (first round try passphrases of 1 ascii character on standard keyboard)
108x108              (second round try passphrases of 2 ascii characters on standard keyboard)
23x1x19 times  (third round try passphrases of 3 ascii characters on standard keyboard)

108+11,664+437=12,209tries
...

compare to WAR
108
108x108
49x27x45

108+11,664+59,535=71,307 tries
...

compare that to w4r
108
108x108
23x31x19

108+11,664+13,547=25,319 tries
....

compare to war!
108
108x108
108x108x108
23x1x19x47

108+11,664+1,259,712+20,539=1,292,023 tries

..
as you can see the more complicated or longer you make it the more entropy tries a brute force requires
so when computers can do billions of tries a second. a 4 character passphase is bruted in seconds

yep 1.29m tries is nothing, its literally under 1 second of bruting
so you need it to be much longer than 4 characters

A passphrase can also be used to encrypt a private key. Sometimes passphrase and password are used interchangeably but just that a passphrase can indicate that more characters can be used.

But on this thread, passphrase is not any of that than the BIP39 passphrase which is used to extend seed phrase as an additional word. Not even regarded as password in the regard because for it not to confuse people with their wallet password.

You mean 'you need it to be much longer than 4 characters'? Yes that is true. At least 8 characters with upper case, lower case, numbers and other characters like *"#@$&/)(?!. . But I like it longer. Or another 24 word seed phrase can be generated and be used as the passphrase.

Password? If an attacker gets your seed phrase and manages to brute force your passphrase, they are going to steal your funds, they do not need your password for anything, just the same way you can lose the password to your wallet file and simply recover your wallet with your seed phrase. A long and strong passphrase reduces the chances of an attacker brute forcing it, after they have gotten a hold of your seed phrase.

If you have exposed your passphrase only, then the solution is simple. Just create another wallet and move your funds from your current wallet to the newly created wallet. Your funds cannot be stolen with your passphrase alone, it has to be seed words + passphrase, since you have only exposed the passphrase, move your funds to a new wallet immediately and if you are going to set up a passphrase again, use a unique combination.

The longer and more complicated it is the better. These days scammers are for relentless so everyone must be careful
But while trying to make it harder for scammers you must make it in a way it will be easier for you to remember

well to me OP think using a longer passphrase can increase security, but on the other hands consider using wellet prioritize by  quantum computing it has a side effect like Cryptographic algorithms resistance to quantum computer attacks.

There is a reason why it is called a pass-PHRASE. A phrase is much easier to remember because it's not just a bunch of
random computer generated characters like your typical standard password. Makers of hardware wallets usually don't bother to explain
the difference very well so I think it is not well understood. Ideally you don't want your passphrase to look like a typical password.

A passphrase should be personal to you and have several things in it only you would know.
Which makes it easy for you to remember but virtually impossible for others to guess or brute force.

A rough example would be:

BillieJeanPromGaga05

1. Your favorite song in high school was Billie Jean
2. You first heard it on your prom night
3. Your prom date was Lady Gaga
4. The year was 2005

So just brainstorm several things that are personal to you and combine two or more pieces
of this personal information together to form a passphrase. You want to be dead sure you don't ever forget it
so you may want to keep a physical backup somewhere (separate from your seedphrase of course).
Or your bitcoin could be lost forever. Passphrases can still be forgotten but still should be far easier to memorize
than computer generated passwords that always look like gibberish.

Passwords and passphrases aren't limited to Bitcoin. However, the longer it is, the bigger chance that you will forget it and lose all the bitcoins in your wallet thereby. That will make all the rest of the bitcoins worth more, in the long run.

It's like fiat. The more that is printed, the less the value of each unit. That's why us little guys make only $20,000 to $100,000 a year, while the big guys toss $billions around like it was going out of style.

Not really.
A wallet is a set of key-pairs, they can be either deterministically or non-deterministingally produced.
Let's focus on a single key-pair.
You have the following flow: private key -> public key -> address. It goes only right and can't go backwards.
The private key in Bitcoin is 256 bits long.

Hacking method 1: Brute-force

Brute-force means that you search blindly. Since the key is 256 bits long, on average, it requires half the total complexity to find a match. This leaves you with a number of 2^255 operations.

Hacking method 2: ECDLP solving

Fun part:
Have you ever heard of the birthday paradox? If you have a room with 23 people, there is a probability higher than 50% that you will find 2 of them that have the same birthday. But, the days of the year are 365, so it looks strange, but it's mathematically explained. The rule of the paradox is that for n objects you need √n time complexity to have a solid probability of finding a collision.

Now let's go back to bitcoin:
It's more practical to use an algorithm that tries to solve the ECDLP (for example check this thread).
What these algorithms do, is that they start from a known public key and they try to derive the private key.
In this way, they know which address they try to hack.
You are essentially trying to find a match for Q = kG, where Q = public key, k = private key and G = a point on the secp256k1 (which is bitcoin's elliptic curve).
So, based on the initial rule, the complexity of this algorithm is √2^256 = 2^128.
A complexity of 2^128 bits is much less than 2^256. It's not the half of it, like many people think, but much less than that!

Final Verdict

Is 2^128 still difficult to find? It's almost infeasible, just like 2^256, but between the 2 methods, I think quantum computer users will choose the latters since the search space is vastly smaller.
I highly doubt that quantum computers will even mess with BIP39, passphrases etc. If they have the power they are supposed to have, they will most likely try to search the 2^128 space, without even getting out of their houses.

Nobody doesn't want to become another one filling up the statistics of the lost wallets