Facebook Hacking....worst recovery system ever

UNSTUCK

But stuck more often.
I'm curious how that'd work for you. I'll try other things
In all seriousness though, why would one 20 digit password be better than another? I know nothing about hacking. Is a guy randomly entering 20 digits? Even if it’s some computer program trying passwords, the probability of guessing right should be the same?
 

mbryson

.......a few dollars more
Supporting Member
In all seriousness though, why would one 20 digit password be better than another? I know nothing about hacking. Is a guy randomly entering 20 digits? Even if it’s some computer program trying passwords, the probability of guessing right should be the same?


You've made a good argument. Mathematically, I don't think you're wrong at all on the probability.
 

Cody

Random Quote Generator
Supporting Member
Location
Gastown
I can get back into Instagram but the hacker has their meta account linked to it and I can't delete the hacker's email or meta account without access to their 2 part authentication app.

Any suggestions?
 

Herzog

somewhat damaged
Admin
Location
Wydaho
In all seriousness though, why would one 20 digit password be better than another? I know nothing about hacking. Is a guy randomly entering 20 digits? Even if it’s some computer program trying passwords, the probability of guessing right should be the same?
If it's based on any dictionary word or combination of dictionary words they can be brute forced pretty quickly nowadays. Even if there is a number or two at the end. Commonly people will use passwords that are a dictionary word or name along with a couple numbers or special character at the end. The pattern is what is easy to attack. You'd be surprised how fast a letter only password of any length can be attacked and found. Computers are FAST nowadays...

Password managers help with this because they are truly random with multiple special characters in between upper and lower case letters and no words are discerned.
Because most sites block brute force attempts (including RME) hackers will sometimes find a site that doesn't block attempts and eventually find the right pw for a user. They then operate on the assumption that the password they found is re-used on many other sites for the same username.

OR his re-used password was divulged in a previous breach and was posted online with the millions of other passwords and accounts. (this is most likely)

TL;DR - Don't re-use passwords for important sites. You might not think FB is important until grandma is getting dickpics (or bitcoin junk, same thing) in her DMs from your account...
 


shortstraw8

Well-Known Member
Offline password store like KeePass and good strings
strings /dev/urandom | grep -o '[[:graph:]]' | head -n 30 | tr -d '\n'; echo
There are many methods like the above for any OS; it just ensures it is random and not tied to some online generator where who knows what is tracked.
KeePass has a good generator also with a ton of cryptographic options to generate strong passwds.

Only log in from limited devices. If the site does not support special characters or 25+ characters don't do anything important with it. 2FA is alright with 16# pin and YubiKey makes pretty solid protection, key pair is great (if you generate with a good crypto algorithm) but not every site supports that.
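
The point made in the replies above, as an added example that is not code from any poster: it compares the search space of a "dictionary word plus digits" password with a uniformly random one, and generates a random password offline from the OS CSPRNG. The wordlist size and guessing rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Printable non-space ASCII, the 94 symbols that [[:graph:]] matches in the C locale.
GRAPH = string.ascii_letters + string.digits + string.punctuation

# Assumptions for illustration only, not figures from the thread:
WORDLIST_SIZE = 100_000      # entries in a dictionary/name list
GUESSES_PER_SECOND = 1e10    # offline guessing rate against a leaked fast hash


def random_password(length=30, alphabet=GRAPH):
    """Pick every character independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_bits(length, alphabet_size):
    """Bits of entropy in a uniformly random string."""
    return length * math.log2(alphabet_size)


def pattern_bits(wordlist_size=WORDLIST_SIZE, words=1, digits=2):
    """Bits needed to cover every 'word(s) + trailing digits' password
    once the guesser knows that pattern."""
    return math.log2(wordlist_size ** words * 10 ** digits)


def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to try the whole search space at the assumed rate."""
    return 2 ** bits / rate


if __name__ == "__main__":
    rows = [
        ("one word + 2 digits", pattern_bits()),
        ("four words + 2 digits", pattern_bits(words=4)),
        ("20 random lowercase letters", random_bits(20, 26)),
        ("30 random [[:graph:]] chars", random_bits(30, len(GRAPH))),
    ]
    for label, bits in rows:
        print(f"{label:30s} {bits:6.1f} bits  {seconds_to_exhaust(bits):.3g} s")
    print("sample:", random_password())
```

Two passwords of the same length are equally hard to guess only if both were drawn uniformly at random; once one follows a known pattern, its search space is the size of the pattern, not of the character set.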
 

N-Smooth

Smooth Gang Founding Member
Location
UT
I use Keeper. It has a “generate random” function so all of my really important passwords are total freakin’ gibberish. Can recommend.
 