In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
I’ll do you one better. The target redcard credit card doesn’t allow non-standard special chars, max I think it was 12 chars and gets pissy at using known SQL special chars. If it wasn’t for the fact it required a credit check prior to getting to that screen I would have ran so hard.
What’s even more annoying is their password field says that it does support that, but if you try via the mobile app it errors out