Can't really argue with that. I guess got this in habit of using initialisms, because a lot of sites had limits of 32 characters for passwords.

But that's probably less true these days. Since they should be hashing the password anyway, why not allow something huge, say up to 1000 characters.