Correct horse > incorrect math
Unfortunately, Randall has flawed math in that comic. An ATI Radeon HD 5770 running ighashgpu can check over 3.3 billion NTLM hashes/sec. That's 3.3 million times faster than the rate he assumes in the comic. Instead of 44 bits of entropy being 550 years, 44 bits takes less than an hour and a half on a $99 video card.
(550 yrs) x (365 days/yr) x (24 hrs/day) = 4,818,000 hrs at 1,000 pwd/sec (Randall's calc)
(4,818,000 hrs) / (3,300,000) = 1.46 hrs at 3.3B pwd/sec (GPU-cracking reality)
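The same arithmetic as a small calculator, added here as an example and not part of the original post: it reproduces the 550-year and roughly 1.5-hour figures from the two guess rates above and inverts the formula to show how many bits a password needs to hold up for a given number of years at the GPU rate. The 365-day year and the two rates come from the post; the function names and the target lifetimes are assumptions.

```python
import math

# A 365-day year, matching the post's hand calculation.
SECONDS_PER_YEAR = 365 * 24 * 3600

# Guess rates from the post: Randall's comic assumption and one
# HD 5770 running ighashgpu against NTLM (3.3 billion hashes/sec).
COMIC_RATE = 1_000
GPU_RATE = 3_300_000_000


def seconds_to_exhaust(bits: float, guesses_per_sec: float) -> float:
    """Worst case: every one of the 2**bits candidates is tried."""
    return 2.0 ** bits / guesses_per_sec


def seconds_expected(bits: float, guesses_per_sec: float) -> float:
    """Average case: a uniformly random password falls after half the keyspace."""
    return seconds_to_exhaust(bits, guesses_per_sec) / 2


def speedup(new_rate: float, old_rate: float) -> float:
    """How many times faster the new attacker is than the old assumption."""
    return new_rate / old_rate


def bits_required(years: float, guesses_per_sec: float) -> float:
    """Entropy needed so that exhausting the keyspace takes at least `years`
    at the given rate (inverse of seconds_to_exhaust)."""
    return math.log2(years * SECONDS_PER_YEAR * guesses_per_sec)


if __name__ == "__main__":
    yrs = seconds_to_exhaust(44, COMIC_RATE) / SECONDS_PER_YEAR
    hrs = seconds_to_exhaust(44, GPU_RATE) / 3600
    print(f"44 bits at {COMIC_RATE:,}/s: {yrs:.0f} years to exhaust")
    print(f"44 bits at {GPU_RATE:,}/s: {hrs:.2f} hours to exhaust "
          f"({speedup(GPU_RATE, COMIC_RATE):,.0f}x faster)")
    # Constructed target lifetimes (assumption): what 550 years of resistance
    # costs once the attacker has the GPU rate.
    for years in (1, 10, 550):
        print(f"{years:>4} yrs at GPU rate needs {bits_required(years, GPU_RATE):.1f} bits")
```
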
And that is for an attacker who resorts to a brute-force attack. If you know the password is based on words, the entropy drops sharply due to shared word roots and letter combinations.
I'm not even going to calculate the effect of renting time on a multi-GPU monster from Amazon, or throwing a botnet at the task.
If you really want to secure something, you can't just use a password anymore. You use multi-factor authentication.