[peterwwillis]

While I applaud the nifty tool, we should be trying to get away from single-factor authentication wherever practical. It's also possible that the use of phrases could incur the same mis-use as passwords (common phrases, common words, reusing the same phrase on multiple sites, etc). Passwords just aren't a good idea anymore. (Side note: a lot of password fields i've seen limit you to something like 12 characters; how secure can our phrases be at this length?)

[equivrel]

Don't forget that passphrases are also have security uses other than authentication: symmetric encryption of private keys, disk/file encryption, etc. where their use is pretty much unavoidable. Obviously a very long randomly-generated encryption key saved to a usb stick is more resistant to brute force than a memorable passphrase, but you still want to symmetrically encrypt it with a good passphrase to keep it (relatively) secure in case it gets into the wrong hands.

[markhemmings]

Completely agree. For example, I use two-factor authentication on all accounts that allow me to. Regarding limiting to 12 characters, the sites in question there are putting there users at risk and it's very likely they aren't storing passwords correctly, leaving anything you put in that password box vulnerable anyway.