But my dog's name is still safe right?
Only if called 123abc
If it was a NXT brain wallet pass phrase his dog's name would need to be at least 30 characters long to be secure. There are servers constantly attempting to crack NXT wallet pass phrases using lists of passwords called rainbow tables.
No doubt all the quoted advice for creating strong NXT pass phrases also applies to creating strong Bitcoin pass phrases.
https://wiki.nxtcrypto.org/wiki/How-To:GenerateStrongPassword30 characters??!? Isn't that too much?
For most applications, yeah. But Nxt works differently.
In most other applications, an attacker can only try to break into one account at a time. A smart attacker will not try passwords randomly. They will run through a prepared list of passwords and resulting hashes (that list is called a rainbow table), hoping to find the one password that can access your account.
As technology improves and processing power increases, attackers can prepare larger and larger rainbow tables. The key to creating a safe password is to stay ahead of the processing curve, to avoid being simple enough to be included in rainbow tables and so escape easy discovery.
Most applications are such that an attacker can go after only one account at a time. Your bank, e-mail, and online shopping accounts are like this. For such applications, a password of 15 varied characters that don't form readable words or patterns is currently very safe, well beyond what attackers can feasibly include in their rainbow tables.
Nxt works differently. In order to have the convenience of accessing your account through just a single passphrase, without a login name or wallet file, it also allows an attacker to try ALL accounts at the same time and greatly increases their chances of success. With everyone's account balance in the prize pot, the rewards become much higher, so there's compelling reason for them to focus a lot more resources on extending rainbow tables.
