In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
All passwords longer than eight characters are silently truncated anyway.
Only by very badly designed systems. Most are not truncated but hashed. Those hashes are much longer than 8 characters.
Looks like somebody made a generality out of the Shamir Secret Sharing PayPal implem (read it thought)
Uh? Why?
Only by batshit insane system wreckers. Normal systems don’t do this at all.