Am I right that a “fair” password is always a “good” one as well?!
A string containing at least 8 characters including a lower-case letter, an upper-case letter, and a number always includes at least 3 of the necessary 4 types of characters for a “good” password, doesn’t it?
Or should it say
Fair: at least 8 characters including a lower-case letter, an upper-case letter, or a number.
Yes, that’s a good observation. I suspect that the fair level got an upgrade at some point in time to better reflect updated recommendations and that made it go on par with good in terms of a fair password now also meets the minimum requirements for a good one. However, the advice for a good one still has some additional notes about special characters which may indeed increase the strength due to a bigger set of possible characters. I would personally read that more as advice hints about how to choose a password rather than a non-overlapping classification.