> 3.1.1.2 Password Verifiers
> ...
> 2. Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.

In other words, if you want to put a max length, don't put 20, put at least 64.