Having a 20 char limit is just plain dumb, stupid and moronic. If I want to have a 400 bit password length, then let me have it !! More of a risk having that limitation of 20 chars - and then there is more of a risk having or enabling a buffer overflow to execute code. Let it be free length. Paypal need an external audit and a slap-in-the-face immediately. In the next few years, Quantum computing with AI will crack that 20 char limit down to hours. Why put a restriction on the length to chance it?
... View more