How strong do passwords should practically be? And reuse of PIN?

I believe even a PIN is strong enough, if you don't name it yourself.

And, if 4-digit or 6-digit PINs are sufficiently practically safe; how could 8-digit password be weak?

Can dictionary attack be done on a PIN, or are hash leakages very rare?

Even if brute force or dictionary attack be done on a password, aren't real world attempt limited (and get locked out of account)?