In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
24 is fine, not as bad as 12 and no special character. That’s honestly the worst one i’ve encounter.
my bank app doesn’t allow copy paste so i can’t have anything that long and hard to type, and they tend to request password login when transferring money.
24 is not fine if you’re like me and use passphrases sometimes
A 24 char passphrase while not as bulletproof as a machine generated string is still credibly strong even to offline cracking attacks when possible. In all the datasets of passwords acquired through that sort of cracking I don’t think I’ve ever seen it catch even a 4 word passphrase.