I think the point here is that no-one uploads / enters a password/phrase/file.

Whatever you enter on the keyboard is hashed and the hash is sent. Depending on the protocol, sometimes it’s time limited so no-one can record the network traffic and resend the data (replay attack)

Files (SSH keys, certificates, etc) are checked against a (usually) asymetric key exchange algorithm, so they can only compare what’s sent if they have the corresponding key to decrypt the cipher.

The length of the password (or file) is basically meaningless. It’s just how long it’ll take someone to guess it (brute-force), but as the saying goes, you don’t break into a house through the door, you go through Windows… ie the weakest link.

In your concept, the weakest link is the meatware: humans. We need ease of use, so, someone will store that file and it’ll be compromised, so 64b, 128b or 512b doesn’t matter, if they have the file, they’re in.

Now… MFA… Now, that’s more like it.