Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but lets assume you use and English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.
The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.
As shown by this thread, people aren't very good with random-ness.
You should let the computer do this for you.
People are terrible in choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software which is just not true if you have a strong and random password.
Concept of brainwallets works for NXT pretty well, OK they did have some hacks in the beginning, just because the users used famous phrases which you can look for with these kind of softwares very quickly and successfully. Now, when the users know what the strong password is and when they have option for client to choose it for them, brainwallets work well.
I almost forgot that NXT is a brainwallet per se.
I did some research some time ago but couldn't find how NXT hashes the passphrase which locks/unlocks the account.
Is it just sha256(passphrase)? It can't be that easy...