Comment Re:Even 100,000,000,000,000 is too small (Score 1) 223
My very secure password, is well over 100 bits of entropy. Easily extendable when the time comes.
But that is not the problem. We're using a Secret for single factor identification. Real identification is multi-factor and requires non-secret means for identity, and then a secret for proof of identity. Non-secret identification requires a web of trust. Online systems have neither non-secret web of trust Identification nor proper secret proof of Identification.