IanKelley - 5:28 am on Sep 21, 2011 (gmt 0)

At a financial site the cookie is going to be encrypted by the back end before SSL gets to it, and it's probably going to contain more than just a password, which pretty much guarantees that it will be long.