Moore's Law can be counteracted by using a slow key derivation. For instance, PBKDF2 turns a password into a key by applying many iterations of a hash-like function. You can tune the number of iterations so that the operation is still tolerable on your computer (e.g. it takes no more than one second). The advantage of the attacker is then the product of his patience and his relative wealthiness: if the attacker can have a (cluster of) computer(s) which is 1000 times more powerful than your own machine, and if the computer is ready to invest a dozen days (1000000 seconds) of computation into breaking your encryption scheme, then the attacker will be able to try about 1 billion potential passwords. It is possible to memorize passwords with a higher entropy than that (e.g. passwords which consist of two letters, then two digits, then two letters, then two digits, such as "qw04qr29" or "fm17zz05", are memorizable and are from a space of about 4.5 billions possible passwords).
On the bright side, the attacker advantage is no longer dependent on Moore's law, as long as you keep the iteration number up to date (this can be an issue for long-term secrets, e.g. an attacker trying to crack an encrypted file which he copied ten years ago). On the darker side, typical users have a tendency of being utterly disappointing when it comes to memorizing seemingly "simple" passwords, or refraining from, e.g., writing them down on a sticky note.
Asymmetric cryptography does not solve the problem, it just moves it around: how do you protect the user private key ? One possible solution is to store a "master secret" (e.g. a user asymmetric private key) in a device which arbitrarily limits the rate of "guesses" by an attacker. This can be a smartcard which simply shuts down after three wrong PIN codes. This can be a server which authenticates users with a password but permits only ten tries per hour.