Sorry early morning here, I actually fixed that before I saw your comment -- more like 6 bits per character. In any case more than good enough.
I actually am not a fan of 2nd-factor authentication (e.g. phone). If you lose the physical thing or it gets leaked to a stranger, gunman who mugs you, leaked by security holes in the thing's own embedded OS, it's no longer helping your security. I'd rather authentication depend on only what's in my mind and body and nothing external. Also, I lose stuff and forget stuff pretty easily, so I often just avoid carrying anything.
I actually am not a fan of 2nd-factor authentication (e.g. phone). If you lose the physical thing or it gets leaked to a stranger, gunman who mugs you, leaked by security holes in the thing's own embedded OS, it's no longer helping your security. I'd rather authentication depend on only what's in my mind and body and nothing external. Also, I lose stuff and forget stuff pretty easily, so I often just avoid carrying anything.