The reason we use 128-bit encryption instead of 256-bit is because the chance of a successful brute force attack on AES 256 is effectively zero and the chance of a successful brute force attack on AES 128 is also effectively zero. But AES 128 is faster so that's why we, and the following giants of the web, all use 128-bit encryption:


If you’re using Chrome when you’re on any of the sites above, you can see your 128-bit connection to the site by clicking on the padlock in the address bar > Connection tab > "The connection is encrypted and authenticated using …”.

As further evidence, Bruce Schneier said ”And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the foreseeable future." He is an internationally renowned security technologist, called a "security guru" by The Economist. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. 

There’s even more at:

Hope that helps! :)