Authentication is the process of verifying that an individual, entity or website is who it claims to be. Sessions should be unique per user and computationally very difficult to predict. A key concern when using passwords for authentication is password strength. A “strong” password policy makes it difficult or even improbable for one to guess the password through either manual or automated means. It is important to set a maximum password length to prevent long password Denial of Service attacks. The Password Storage Cheat Sheet provides further guidance on how to handle passwords that are longer than the maximum length.
Source: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
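
The following is an added example, not code from the OWASP cheat sheet: it shows the length check running before the expensive key-derivation step on both the registration and login paths, so an oversized password never reaches the hash function, and it generates a session identifier from the OS CSPRNG. The limits (8 and 64 characters), PBKDF2-HMAC-SHA256 with 600,000 iterations, the 32-byte session identifier and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed policy values for this example; the page itself gives no numbers.
MIN_LENGTH = 8
MAX_LENGTH = 64
ITERATIONS = 600_000  # assumed PBKDF2 work factor


class PasswordPolicyError(ValueError):
    """Raised when a password is outside the accepted length range."""


def check_length(password: str) -> None:
    # Runs before any hashing, so an oversized input costs one len() call.
    if len(password) < MIN_LENGTH:
        raise PasswordPolicyError("password too short")
    if len(password) > MAX_LENGTH:
        raise PasswordPolicyError("password too long")


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password: str, iterations: int = ITERATIONS):
    """Registration path: enforce the policy, then return (salt, digest)."""
    check_length(password)
    salt = secrets.token_bytes(16)
    return salt, _derive(password, salt, iterations)


def verify_password(password: str, salt: bytes, digest: bytes,
                    iterations: int = ITERATIONS) -> bool:
    """Login path: over-long input is rejected without reaching the KDF."""
    if len(password) > MAX_LENGTH:
        return False
    # Constant-time comparison of the derived and stored digests.
    return hmac.compare_digest(_derive(password, salt, iterations), digest)


def new_session_id() -> str:
    """Session identifier from the OS CSPRNG (32 random bytes, assumed size)."""
    return secrets.token_urlsafe(32)
```

The same limit should also be backed by a request body size cap at the web server or framework layer, so the oversized input is dropped before it is parsed.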