Security professionals almost universally want to teach better password selection.
The evaluation that an “XKCD”-type password (two words, a number or two, and a third word) is strong or secure relies on a dictionary of 20,000 words or so. [See the “Pass Phrase Strength” table half-way down the column.] However, when people select their actual password, they tend to use only 3- and 4-letter words, so a crack using 3- and 4-letter words is very effective. Nevertheless, the scheme remains viable if you use three- or four-digit numbers between the second and third word, or use four words (in conjunction with numbers) instead. Non-dictionary words also reinforce the security of the scheme without making the password(s) too arduous to recall.
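To put numbers on this argument, here is an added Python example (not code from the original post) that estimates the search space of each passphrase variant. The 20,000-word dictionary is the figure from the post; the 1,000-word pool of common short words, the 100,000-word non-dictionary pool and the guess rate are assumed for illustration.

```python
import math

# Modelling assumptions (not measurements): pool sizes each component is drawn from.
FULL_DICTIONARY = 20_000       # dictionary size the "Pass Phrase Strength" table assumes (from the post)
SHORT_WORD_POOL = 1_000        # assumed count of common 3- and 4-letter words people actually pick
NON_DICTIONARY_POOL = 100_000  # assumed pool once made-up or rare words are allowed

def word(pool_size):
    """A word drawn uniformly from a pool of pool_size candidates."""
    return ("word", pool_size)

def digits(n):
    """An n-digit number, i.e. 10**n equally likely values."""
    return ("digits", 10 ** n)

def entropy_bits(components):
    """Bits of entropy for independently chosen components: choices multiply, so bits add.
    This is an upper bound; real human choices are not uniform, so true strength is lower."""
    return sum(math.log2(choices) for _, choices in components)

def days_to_exhaust(bits, guesses_per_second):
    """Worst-case days for an attacker to try every candidate at the given guess rate."""
    return 2 ** bits / guesses_per_second / 86_400

# Layout follows the post: two words, a number, a third word (plus the suggested fixes).
SCHEMES = {
    "as evaluated: 3 words from 20k dictionary + 2-digit number":
        [word(FULL_DICTIONARY), word(FULL_DICTIONARY), digits(2), word(FULL_DICTIONARY)],
    "as chosen: 3 short words + 2-digit number":
        [word(SHORT_WORD_POOL), word(SHORT_WORD_POOL), digits(2), word(SHORT_WORD_POOL)],
    "fix: 3 short words + 4-digit number":
        [word(SHORT_WORD_POOL), word(SHORT_WORD_POOL), digits(4), word(SHORT_WORD_POOL)],
    "fix: 4 short words + 2-digit number":
        [word(SHORT_WORD_POOL)] * 2 + [digits(2)] + [word(SHORT_WORD_POOL)] * 2,
    "fix: 3 words incl. a non-dictionary one + 2-digit number":
        [word(SHORT_WORD_POOL), word(SHORT_WORD_POOL), digits(2), word(NON_DICTIONARY_POOL)],
}

def strength_table(guesses_per_second=1e9):
    """Return {scheme: (bits, days)} for an assumed offline guess rate (default 1e9/s)."""
    return {name: (entropy_bits(parts), days_to_exhaust(entropy_bits(parts), guesses_per_second))
            for name, parts in SCHEMES.items()}

if __name__ == "__main__":
    for name, (bits, days) in strength_table().items():
        print(f"{bits:5.1f} bits  {days:12.1f} days   {name}")
```

The drop from roughly 49.5 bits (as evaluated) to 36.5 bits (as chosen) is the gap the short-word attack exploits; a four-digit number or a fourth word each recovers most of it.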
The reason people do not endorse pass-phrases universally is that the chance of “losing” a pass-phrase is similar to the chance of losing a password. If we place too many eggs in one pass-phrase basket, we worry that they will all be broken in a single password-stealing incident.