In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
Such a small max length is a good indicator they aren’t handling passwords correctly. A modern website should be able to send and hash kilobytes of text without the user seeing a significant delay. Having a max size like this sounds like they are storing the password as text instead of a hash.
Or some dumb project manager said passwords longer than 24 characters look bad in the UI and wanted the limit.