I use a password manager, so I always make passwords that are very long and complex. It appears that passwords on cloudflare get truncated to 21 characters. I just spent over an hour trying to log back on to cloudflare with a too-long password. After filling out about fifty capchas (no joke). I was starting to think I did not know what traffic lights, buses, cars, bicycles and cross walks were.
So when I finally reset the password, I made it SHORT and without any special characters and was finally able to log in again. This is a bad sign.
Cloudflare: PLEASE display both the min AND MAX password length AND list the special characters which are actually permitted on your password change page. Too often only the minimum length is revealed, we all have to guess how secure we are permitted to make our passwords.