Some password hashing algorithms have a maximum input size. For example, <i>bcrypt</i> is limited to 72 characters. The speed of password hashing (which is deliberately designed to be slow to impede brute-force attacks) might also significantly depend on input length, hence overly long input may take too long to hash. Other than that, and general limits on request size, there is no good reason. On the other hand, since the hashes are usually fixed-length, you also don’t gain anything by using overly long passwords.
i found this interesting:<p>Password length best practices
--What is the standard for maximum password length?<p>Your passwords have to get quite long before you run into any limitations in the Windows world: the maximum length of a password supported by Active Directory is 256 characters. The maximum length of a password that a human user could actually type to log into Windows in 127 characters (the limitation is in the Windows GUI).<p>127 is probably quite impractical for a user to type, but might be good for admin accounts where passwords are checked out and copied and pasted from a password vault. Service account passwords that are almost never typed and possibly rarely changed (if ever) could stand to be longer still.<p><a href="https://specopssoft.com/blog/password-length-best-practices/" rel="nofollow noreferrer">https://specopssoft.com/blog/password-length-best-practices/</a>