In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
Why not client side hash? JS is more than capable.
Sure, you could do something like that to normalize all manner of passwords to a manageable string, but:
That hash becomes the password, and you have to treat it as such by hashing it again server side. There’s a high risk a developer that doesn’t understand skips hashing on the backend and ends up insecurely storing a valid password for the account “in the clear”
Your ability to audit the password for stupid crap in the way in is greatly reduced or at least more complicated. I suppose you can still cross reference the password against HIBP, since they use one way hash anyway as the data. In any event you move all this validation client side and that means an industrious user could disable them and use their bad idea password.
if you have any client contexts where JavaScript is forbidden, then this would not work. Admittedly, no script friendly web is all but extinct, but some niches still contend with that
Ultimately, it’s an overcomplication to cater to a user who is inflicting uselessly long passwords on themeselves. An audience that thinks they need such long passwords would also be pissed if the site used a truncated base64 of sha256 to get 24 ASCII characters as they would think it’s insecure. Note that I imply skipping rounds, which is fine in such a hypothetical and the real one way activity happens backend side.