@protonmail Some services still have archaic level limitations on password/passphrase lengths, some even requiring as low as "12 characters or less" still but more often 32, often then in combination with exceptionally strict restrictions on which characters are allowed in those.
That makes following good authentication management not just hard, but impossible.