They are simply enforcing better security. 20 digits of alphanumeric translates to about a 120-bit authentication. Slight below the norm (128-bit) but still cryptographically secure. Over 80-bit is good.
This is assuming the characters are RANDOM.. If not, the key space is VASTLY reduced for a brute force attack - assuming the router allows it. . Which I am sure it doesn't......
Well, someone might think "why can't you just obtain messages between 2 legit parties [router and person] and brute force THOSE messages with the password guess instead of actually interacting with the router?"..
Valid question. But you can design your system such that there is more randomness in the key exchange. Thus, the only way you can correctly guess the password is not through passive observation, but by through an active attack. Don't want to go into details if no one is interested.