I know we are talking about braking the password.
So brute force for 20 characters takes the same amount of time and power like for a 100 ?Plus taking into account that you change the password from time to time.
If someone try to hack your account, you should receive an immediate e-mail form MB just after the first try… right? unless he got the correct password from the first try !!!