In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
I think so yeah. It’s been about ten years since then though. I remember it being wildly short, and a set length with all letters and two numbers with no symbols. I also remember having to change it every quarter or something, so I just started at a number and every four months just upping it by 1. I was only there for about two years though and that job was crap, so it didn’t matter very much.