When creating a new account, the sign up form shows the following constraints on passwords:

• Use 8 or more characters
• Use upper and lower case letters (e.g. Aa)
• Use a number (e.g. 1234)
• Use a symbol (e.g. !@#$)

However, there's actually a fifth constraint, which is initially hidden from the user:

• Password length cannot exceed 32 characters

This constraint is only displayed to the user if they enter a password that's longer than 32 characters (see attached screenshots).

Whether it's wise to limit passwords to such an arbitrarily short length aside, I can't think of a reason why hiding this information from the user improves UX 🤷

I suggest making this constraint visible by default.