I'd like to propose addressing the current allowable password length (20 characters).

Our single sign on environment allows up to 48 characters and the current limit should support NIST guidelines (800-63B): Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 c...