In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
I’ve yet to see anyone link to a source
Here is where I’m getting my info
https://cybersecuritynews.com/nist-rules-password-security/
you realize that they say the exact opposite of what you are saying, right?