In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
The password should be hashed anyway, which has a fixed output
But there must be a (long) max length anyway, to prevent some kinds of attacks.
Long here means a 400 page book as a password.
One of the older, but still usable password hash uses only 72 characters iirc.