In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
pls elaborate
As long as the adversary doesn’t have the ability to brute force the password locally, you have the ability to reset in the event of a leaked hash and you aren’t reusing passwords you are fine with a shorter password. Obviously be mindful of easily guessable passwords or ones that are very short. However, a 12 digit sufficiently random password is fine. Don’t fall into the trap of longer but easier to guess.
Don’t do things like impossiblebatman1. Something like SalariedOverhand22 or imposiba1ttman
The first secure one I used diceware to generate two random words and then a random number generator to add a number. The second one I randomly changed spelling and the pattern to increase entropy.