i hope you realize that using brainwallet like that is the worst thing you can do for generating a new private key because brainwallets are known to be insecure because people are rarely capable of creating a truly random "passphrase". so know that if you decided to create a paper wallet with a password there is a very good chance that someone is going to steal your funds pretty easily.
I wouldn't say that brainwallets are bad per se. If you choose a phrase long enough and one, that is not used in any book or lyric or whatever, a brainwallet can be an interesting way to store your value in some situations.
Let's say I take an individual very long sentence, which nobody else knows. Now I run a sha256 over it and convert this into a Bitcoin private key. When I send Bitcoins to this address I can access it everywhere I want without even bringing a computer or USB sticks or whatever. I can cross borders with absurd amounts of money and when I want to spend it, I only need the sentence to have access to it.
The possibility of someone accessing these funds are very very small. Especially because people don't even know, that I have Bitcoins in a brainwallet.
Even if they knew, how would they start looking for these funds? The only way could be torturing me until I give them the phrase.
the problem is in that first step: choosing a long and truly random passphrase that can not be guessed at all. generally speaking people have shown that they will always choose things that can be guessed which makes brainwallets bad in general.
otherwise there have been users that created brainwallets and posted the address as a challenge online and it was never broken.
if someone insists on using brainwallets then i can only suggest using some other method other than a simple SHA256 on it. something unique that nobody knows. that way to steal the funds the hacker has to find 2 things: the random long passphrase and the hash algorithm.
for example you could use a KDF function such as scrypt with custom settings (eg. n=2048, r=5, p=2) and derive a 32 byte key from that. or using SHA3-256, SHA512/256, Blake2b-256,... the list goes on.
ps. BIP39 is also worth mentioning here as it is a mnemonic which is a set of words in any language which you could memorize instead of a brainwallet. it is harder but it much safer since they represent a good random entropy. this could also solve the "torture" problem as you could add a single "word" to the list as its extension so you have 1 mnemonic but two wallets. the wallet with the mnemonic can contain a small amount that you could reveal under torture! and the wallet with mnemonic+passphrase contains the actual funds. => good for paranoid people.
So peoples education is the problem and not the brainwallet. People have to learn, that a phrase like 'To be or not to be' might not be guessed by a human that fast, but that a good computer can crunch billions of sentences in minutes. If you instead use a phrase like 'To be or not be, I don't fucking care about this shit in 2019.' you probably have a sentence that wouldn't be in any book or wordlist and therefore pretty hard to crack.
