Don't limit password length
It's silly to limit password length to 20 characters. I want to use 1Password to generate a password that no one will be able to crack before I'm long dead and gone and it's ridiculous to limit the length of the password. If you're storing the hash of the password like you should, you should be storing a fixed width field of either blob (more efficient) or char data type (in MySQL terms, not sure what you're using…) so it shouldn't matter one bit what the password actually looks like. If you must limit it just for sanity sake, set the limit ridiculously high at something like 200 characters. And, while you're at it, be sure to test these with lots of special characters and whatnot so that even the goofiest password will work great.