You can totally use emojis as passwords. You can probably even make this a policy at your company.

Edit: I thought this was an obvious enough joke, but just to clear things up: Only do this if you hate your company and everyone working there.

  • These statistics aren’t entirely correct. There are 3664 emoji, so an 8 emoji password would take ½*3664^8 attempts to crack on average, or 1.6 * 10^28 attempts or about 10^20 seconds on a single 4070. That’s ignoring the fact emoji are more than one single byte; at byte level, an 8 emoji password is probably 24 bytes long, but it can be much longer.

    Now, this number could be reduced by a dictionary attack (⚽ doesn’t get combined with gender or skin tone, generally) and emoji like 🏴󠁧󠁢󠁳󠁣󠁴󠁿 can increase the number (🏴󠁧󠁢󠁳󠁣󠁴󠁿 is one glyph but encoded in 28 bytes!).

    In practice, though, I don’t think people would be able to remember whether they used 💙 or 🩵. That makes it rather unpractical for normal people to use. Also, software isn’t generally tested for this. The Steam Deck had a bug on release where it would crash and reboot if you opened up the emoji selection screen in the password field for initial setup, for example.

    Just adding a single emoji to a password would probably make it uncrackable already, because brute forcing tools like John the Ripper don’t include these Unicode ranges by default. Then again, so does adding 𓂸.
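
An added example, not part of either comment above: a Python sketch that measures an emoji password in glyphs, code points and UTF-8 bytes, and computes the average guess count for the 3664-emoji alphabet quoted in the thread. The clustering rules are a simplified assumption rather than full Unicode grapheme segmentation, and the function names and sample passwords are constructed for illustration.

```python
import math

ALPHABET = 3664   # emoji count quoted in the thread
ZWJ = 0x200D      # zero-width joiner, glues emoji into one glyph

# Constructed samples: the Scotland flag tag sequence and eight single-code-point emoji.
SCOTLAND = "\U0001F3F4\U000E0067\U000E0062\U000E0073\U000E0063\U000E0074\U000E007F"
EIGHT = "\u26BD\U0001F499\U0001FA75\U0001F511\U0001F355\U0001F680\U0001F335\U0001F3B2"

def _extends(cp):
    """Code points that attach to the previous emoji instead of starting a new glyph."""
    return (cp in (0xFE0F, 0x20E3)           # variation selector-16, keycap
            or 0x1F3FB <= cp <= 0x1F3FF      # skin-tone modifiers
            or 0xE0020 <= cp <= 0xE007F)     # tag characters (subdivision flags)

def _is_ri(cp):
    """Regional indicator letters; two of them form one country flag."""
    return 0x1F1E6 <= cp <= 0x1F1FF

def glyphs(password):
    """Split a string into user-perceived glyphs (simplified emoji clustering)."""
    out, join_next = [], False
    for ch in password:
        cp = ord(ch)
        ri_pair = bool(out) and _is_ri(cp) and len(out[-1]) == 1 and _is_ri(ord(out[-1]))
        if out and (join_next or _extends(cp) or cp == ZWJ or ri_pair):
            out[-1] += ch
        else:
            out.append(ch)
        join_next = (cp == ZWJ)
    return out

def measure(password):
    """Sizes at each layer, plus search space if every glyph is one of ALPHABET emoji."""
    n = len(glyphs(password))
    return {
        "glyphs": n,
        "code_points": len(password),
        "utf8_bytes": len(password.encode("utf-8")),
        "avg_guesses": ALPHABET ** n // 2,           # half the keyspace on average
        "bits": round(n * math.log2(ALPHABET), 1),   # entropy only if chosen uniformly
    }

if __name__ == "__main__":
    for label, pw in (("flag", SCOTLAND), ("eight emoji", EIGHT)):
        print(label, measure(pw))
```

The `avg_guesses` and `bits` figures only apply to an all-emoji password picked uniformly at random; the byte and code-point counts are what a length limit or hashing layer actually sees.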