Well, I just finished the redemption process. The whole thing took me 12 hours and I'm sure many others have also done the same tonight. Not sure if redemption will be extended again or if this is the final one but I'd rather be safe than sorry. I guess the only thing I have to do now is wait for the launch.
[...] what is meant by the word "password" in the box below? When creating an address, does the password equal the same thing as NXT's passphrase (which should be very complex) or Bitcoin's wallet encryption password (which can be simple)? I'm guessing it's the latter, right?
NEM uses wallet files like Bitcoin, so your private key is saved in the wallet file, but of course encrypted. To decrypt it, you need the wallet password, which you choose in that picture you posted.
This means: Without your wallet file a hacker can't bruteforce your wallet password, so this is a more secure way compared to NXT's brainwallet system (assumed people take care of their wallet file and dont publish it).
This also means: To be really safe, your password should still be very strong, because if somebody is able to get your wallet file, a bruteforce attack will find weak passwords fast and then your funds are gone fast as well.
BUT: The wallet you create with the current NEM software for testnet (before launch) should not (maybe even can't) be used later after launch. So for now its not really important to have strong wallet passwords,
but people should learn that strong passwords are very important to secure your funds after launch!It cannot be said often or loud enough that you have to save your real account data (to be precise: the private key of your account which you use for redeeming your NEM stake) really secure. Don't save it unencrypted to your hard disk. Don't save it in cloud storages like Dropbox etc. Don't send it via email or any other channel which is not heavily encrypted and really safe (if you are not much into cryptography, just don't send your private key via ANY communication channel). If you are not sure how to handle it, try this tutorial:
https://forum.nemcoin.com/tutorials/guide-creating-and-saving-real-account-data/I agree, and you've explained the whole thing very well. I knew NEM is based heavily on NXT so I thought it was possible that it was a NXT-style brainwallet/passphrase although the way its presented and the use of the word "password" instead of "passphrase" indicated that it was more likely not a NXT-style brainwallet/passphrase but rather a Bitcoin-style wallet encryption password.
However, I still think it's still true that a NXT passphrase, due to its design, requires a stronger degree of security than a typical Bitcoin wallet password. With a NXT passphrase, you have to assume that multiple attackers are attacking every single address in the network at once with very little cost whereas with a Bitcoin-style password, it's only a security risk if the wallet file falls into the wrong hands (e.g. if your laptop is stolen) and even then, your opponent is usually just a single person with a single computer.
Hence a 30-character passphrase composed of letters, numbers, symbols, etc. would be the bare minimum for a NXT passphrase whereas it would probably be more than enough for a Bitcoin password.
