Manual:$wgMaximalPasswordLength/en

Details
Specifies the maximal length of a user password.

It is not recommended to make this greater than the default, as it can allow DoS attacks by users setting really long passwords. In addition, this should not be lowered too much, as it enforces weak passwords.

Since 1.26 deprecated in favor of.