Extremely over-simplified and not a technical explanation by any means, but think of it this way
site A requires a 4 digit PIN
site B requires a 2 digit PIN
Assuming you doon’t know the values and want to “brute force” your way in, which site would be more of a problem for you?
site A with 10K possible values to try or
site B with 100 possible values to try