Windows 10 long term servicing channel. It’s intended for things like electronic signs but works great if you just want un bloated windows. It comes with most of the random bullshit not installed and has a longer period of security updates.

Hardware whitelist is unholy

People ‘know’ how to use Microsoft products. I’m a data guy and might spend less than a day a week in word, PowerPoint, excel. Most of the time I spend in them is checking other people’s work. I’m still called on to help people with such tasks as switching from footnotes to endnotes, moving files in SharePoint, fixing formatting. My general knowledge of navigating the UI and googling fixes is better than what people ‘know’.

Yeah you’re correct. The person you’re replying to is treating dictionary attacks as separate from brute forcing. Dictionary attacks are great on short passwords using likely words, but as soon as you use 2 or 3 or 4 words it becomes computationally unfeasible. I would say a completely random string of the same or much less length is more secure because a dictionary attack won’t work at all, but 3-4 word passphrases are excellent for passwords that you have to manually enter ever.