In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
At one point years ago my work finally caught up with the 21st century and allowed creation of passwords longer than the fixed 8 characters it had always been. So I said great, made up something that was around 12 or so that I could remember. Until I logged into some terminal legacy programs we were still using and wouldn’t take that length. So yeah, I went back to 8 characters that wouldn’t break things. They eventually migrated away from such old programs and longer passwords became mandatory since they’d work everywhere, but I thought it was funny that briefly I tried to do the right thing but IT hadn’t thought out the whole picture yet.