!!! Overview
[{$pagename}] is a typical parameter of a [Password Policy], specifically the [Password Modification Policy] that deals with [Password Quality].

[{$pagename}] is a [Password Anti-Pattern].

[{$pagename}] may also be used at the [Policy Enforcement Point] during a [Password Change] or [Password Reset].

!! [{$pagename}] [AttributeTypes]
* [eDirectory]:
* [Microsoft Active Directory]:
* [draft-behera-ldap-password-policy]: [pwdMaxLength]

!! [National Institute of Standards and Technology]
[NIST]'s view:[1]

[Verifiers] [SHOULD] permit subscriber-chosen memorized secrets __at least 64 characters in length__.

No reasonable [person] is going to use a website with a 64-character password limit and then turn around and say "this site's security is crap because they didn't let me use more than 64 characters in my password". But just to be sure, make it 100. Or 200. Or stick with NIST's thinking and make it 256; it doesn't matter, because it's going to hash down to the same number of characters anyway.

[NIST] also makes another important, if not obvious, point when it comes to password length:

Truncation of the secret [SHALL NOT] be performed.

This is really the simplest of concepts: don't have a short arbitrary password length and don't chop characters off the end of a password provided by a user. At the very least, an [organizational Entity] defending this position should say "we know it's bad, there's legacy reasons, we'll put it on the road map to be rectified".

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Passwords Evolved: Authentication Guidance for the Modern Era|https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/|target='_blank'] - based on information obtained 2017-07-26
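!! Worked Example
The two [NIST] points above, as an added example that is not part of the original page or of any product's code: a constructed verifier that silently truncates at 16 characters (the anti-pattern) next to one that honours a [pwdMaxLength] of 256 and never truncates. The limits (64 as the NIST floor, 256 as the upper bound), the 16-character truncation and the use of PBKDF2-HMAC-SHA256 are assumptions made for the example; the fixed-size hash output is why a long [pwdMaxLength] costs nothing in storage.

```python
import hashlib
import hmac
import os

# Assumed policy values for this example: 64 is the NIST floor quoted above,
# 256 is the generous upper bound the text suggests.
NIST_MINIMUM_MAX_LENGTH = 64
PWD_MAX_LENGTH = 256
PBKDF2_ROUNDS = 50_000


def max_length_is_acceptable(pwd_max_length: int) -> bool:
    """A verifier SHOULD permit at least 64 characters (NIST guidance above)."""
    return pwd_max_length >= NIST_MINIMUM_MAX_LENGTH

def derive(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: the output is always 32 bytes, however long the input."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class TruncatingVerifier:
    """Constructed 'before' case: silently keeps only the first 16 characters."""
    TRUNCATE_AT = 16

    def __init__(self) -> None:
        self.salt, self.stored = os.urandom(16), b""

    def enroll(self, password: str) -> None:
        self.stored = derive(password[: self.TRUNCATE_AT], self.salt)

    def verify(self, candidate: str) -> bool:
        # Anything matching in the first 16 characters is accepted: the tail is ignored.
        return hmac.compare_digest(self.stored, derive(candidate[: self.TRUNCATE_AT], self.salt))

class PolicyVerifier:
    """Honours pwdMaxLength: rejects over-long secrets explicitly and never truncates."""

    def __init__(self) -> None:
        self.salt, self.stored = os.urandom(16), b""

    def enroll(self, password: str) -> None:
        if len(password) > PWD_MAX_LENGTH:
            raise ValueError(f"password exceeds pwdMaxLength of {PWD_MAX_LENGTH}")
        self.stored = derive(password, self.salt)

    def verify(self, candidate: str) -> bool:
        if len(candidate) > PWD_MAX_LENGTH:
            return False  # fail closed instead of cutting the input down to fit
        return hmac.compare_digest(self.stored, derive(candidate, self.salt))
```

With a 141-character secret enrolled, TruncatingVerifier accepts any candidate that shares its first 16 characters, while PolicyVerifier accepts only the full secret and refuses anything over 256 characters rather than trimming it.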