In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
How old are you?
The old security wisdom has been thrown out in favor of better practices. If you spend to much time focusing on one spot you will make everyone hate you while leaving gapping holes in your security.
your comments just make me hope that you never touch an IT system as a developer