
Complexity Trumps Length

Question for the smarter people out there. If everyone started using passwords like "donkey computer watch", would this mean that this format would then be much easier to crack as opposed to "xy7*hdkSD"?

Security is a bit of game theory, right?



It actually wouldn't, because the entropy doesn't rely on the attacker not knowing the general format - it relies on the number of words available as choices.


English has roughly 100,000 words, so that password scheme has 10^15 combinations. Suppose the latter scheme incorporates the 96 printable ASCII characters. log96(10^15) is 7.5, so yes, the latter scheme gets ahead on entropy at 8 characters or longer.

But it's not a question of maximizing entropy. It's a question of maximizing entropy relative to the human brain's ability to remember it. The brain handles words as single units, so it's a lot easier to remember three of them than eight or more arbitrary characters.
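The comparison in the comment above, carried through as a worked calculation. This is an added example, not code posted in the thread; the 100,000-word dictionary and 96 printable ASCII characters are the figures the comment assumes, the 2048-word xkcd list and the 7,776-word Diceware list are standard published sizes, and the guess rate used in the crack-time estimate is an arbitrary constructed number for illustration. All of it assumes every word or character is chosen uniformly at random; a user-picked dictionary word gets nowhere near these figures.

```python
import math

# Assumed figures from the thread (constructed parameters, not measured data)
WORD_COUNT = 100_000       # rough size of the English vocabulary
PRINTABLE_ASCII = 96       # printable ASCII characters (space through '~' is 95, plus one for DEL/newline variants as in the comment)


def entropy_bits(symbol_count: int, length: int) -> float:
    """Bits of entropy for `length` symbols, each drawn uniformly from `symbol_count` options.

    This is the only thing an attacker's knowledge of the *format* cannot reduce:
    knowing "it's three words" still leaves WORD_COUNT**3 candidates.
    """
    if symbol_count < 2 or length < 1:
        raise ValueError("need at least 2 symbols and length >= 1")
    return length * math.log2(symbol_count)


def keyspace(symbol_count: int, length: int) -> int:
    """Number of distinct passwords the scheme can produce."""
    return symbol_count ** length


def chars_to_match(word_count: int, n_words: int, charset_size: int = PRINTABLE_ASCII) -> int:
    """Smallest random-character length whose entropy is at least that of n_words uniform words."""
    target_bits = entropy_bits(word_count, n_words)
    return math.ceil(target_bits / math.log2(charset_size))


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected brute-force time: on average the attacker tries half the keyspace."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def compare_schemes(word_count: int, n_words: int, n_chars: int,
                    charset_size: int = PRINTABLE_ASCII) -> dict:
    """Side-by-side entropy of a passphrase scheme and a random-character scheme."""
    return {
        "passphrase_bits": entropy_bits(word_count, n_words),
        "random_chars_bits": entropy_bits(charset_size, n_chars),
        "chars_needed_to_match": chars_to_match(word_count, n_words, charset_size),
    }


if __name__ == "__main__":
    rate = 1e10  # constructed: 10 billion guesses/s, a fast offline attack on a weak hash
    for label, words, n in [("100k-word dictionary", WORD_COUNT, 3),
                            ("xkcd (2048 words)", 2048, 4),
                            ("Diceware (7776 words)", 7776, 4)]:
        bits = entropy_bits(words, n)
        print(f"{label:24s} {n} words: {bits:5.1f} bits, "
              f"~{chars_to_match(words, n)} random chars, "
              f"~{expected_crack_seconds(bits, rate) / 86400:.1f} days at {rate:.0e} guesses/s")
```

The three-word scheme from the comment comes out at about 49.8 bits and is overtaken by 8 random printable characters (52.7 bits), which is the crossover the comment computes. Note that the crack-time figure is only meaningful for an offline attack against a captured hash; against an online login with rate limiting the guess rate is orders of magnitude lower, and against a user who picked "password" the keyspace is not the dictionary at all but a list of a few thousand common choices.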


I go by the xkcd standard of 4 words, though that doesn't change the math, just the numbers.


Doesn't the entropy just measure the difficulty of brute forcing a password though? From an entropy perspective, "password" may be more secure than "r&E2pX@", but I doubt anyone attempting to crack passwords in a practical manner is going to adopt a direct brute force approach.



