There's no reason why most people use 2048 bit keys other than that's the default in a lot of PGP programs. On the other hand, 2048 bit keys should be safe for another 20 years, so it doesn't really matter. 1024 bit keys are considered weak because they will be crackable in a reasonable amount of time (100 days or so) with computer clusters within the next 5 years, so you might want to avoid vendors with 1024 bit or smaller keys, but there's nothing wrong with 2048 bit keys.