Umm... A password 20 characters in length is more than long enough. If you choose something that is sufficiently random, no one is going to be able to guess it or "crack" it.
If you've had accounts with long passwords compromised before, it's because someone stole your password, not because someone guessed it. Perhaps you were the victim of a phishing scam and you entered your password into a bogus web site. Perhaps you logged into your account on a PC that had spyware running on it. Perhaps your password was saved in an insecure place, like in a compromised PC or e-mail account.
Here are some simple security practices that will greatly decrease your chances of someone gaining unauthorized access to an account:
* Use a different password for PayPal than you use for any of your other web site logins.
* Choose a password that is sufficiently hard to guess (random looking and not too short).
* Make sure your PC has up-to-date antivirus software. It wouldn't hurt to also scan it with Spybot Search & Destroy and AdAware Free.
* Use Gmail as your e-mail provider and turn on 2-step verification for your Google account.
* Never click on a link in an e-mail message to paypal.com or to any other financial institution. Instead, type paypal.com into your browser's location bar, or use your browser's bookmarks.
* Make sure that your accounts have accurate recovery e-mail addresses and security questions, so that in the event you lose access to your account, you will be able to get it back.
If you're feeling extra paranoid and you want extra security for your financial accounts, do some or all of the following:
* Make sure you never log into paypal.com using any PC except your own.
* Sign up for PayPal's Security Key.
