I use multiple banks and brokerages for financial services each with an associated online account to access accounts online and through a mobile application.
I’ve noticed a trend that there are low password length restrictions not allowing for passwords longer than 20 characters or not allowing special characters. Coming from an IT background I try to use long passwords with multiple special characters usually much longer than 20 characters as recommended by cybersecurity experts.
How much extra risk is associated with an account that has a 20 character password versus a 64 character password? Should these banks and brokerages increase the limit? What sort of technical roadblocks from infrastructure or application code would require such a low limit? Is it indicative of legacy technology?