Asymmetric key length (like in RSA) and cipher key length (like in AES, RC4) are quite different. RSA keys used in public-private asymmetric cryptography should be 1024-bits or greater. AES, RC4 and other cipher keys should be 128 bits or greater. What's the difference? RSA widely let's everyone know the public key N and e, where N is the product of two large prime numbers. If you can factor the composite number N you can derive the private key and decrypt any message encrypted with the public key.
Factoring is a hard problem that cannot be done in polynomial time on a non-quantum computer, but there are tricks from number theory to factor numbers better than naive brute force. Trivially when looking for factors of N, rather than trying every integer between 1 and N, you could skip all the even numbers except 2, or try dividing by only prime factors or stop when you reach sqrt(N), rather than trying to divide by every factor between 1 and N. In the real world techniques like elliptic curve method can factor ~260-bit composite numbers in a couple minutes on one cpu.
AES and RC4 on the other hand are symmetric ciphers. They just need some random number key to decrypt a message. So to brute-force a 128 bit cipher key you have to try most of the 2128 ~ 1038 different keys until you found the one that worked. So if you can check a trillion (10^12) keys per second it would take ~10^19 years before you've checked most of the keys. Note a 256-bit key would be 2^128 times harder to brute-force (take 10^57 years).
So when I log into a banking site and click on the https information in google-chrome I see:
Your connection to home.ingdirect.com is encrypted with 128-bit encryption.
The connection uses TLS 1.0.
The connection is encrypted using RC4_128, with MD5 for message authentication and RSA as the key exchange mechanism.
If I then click on the detailed certificate information, and go to the certificate field "Subject's Public Key" I see that they use a 2048-bit modulus (N the modulus of two large prime numbers).