I believe that the NXT client should:
1) Implement a button to generate a random passphrase of optimal security.
2) This button should be at the beginning of the login procedure.
3) People could then use these random strings for their passphrase.
4) When generating a random passphrase, a message should also CLEARLY state to keep (copy and paste) that passphrase somewhere to avoid the loss of the NXT account.
This simple addition would significantly decrease NXT stealing.
Note that when people say out loud that their NXT was stolen, it is very bad press. With this simple addition, some forms of NXT stealing can be avoided right away. I believe that this should be implemented before the official NXT launch.
If you like my advice, please donate: 653922166310279418