There is no technical reason for there to be a maximum length on the user’s password.

Watch:

Here’s a password bitwarden generated for me:

Bonded-Reforest-Prenatal7-Spoken-Straggler-Catcall

Here’s the base64-encoded SHA3-512 hash for that password:

Q2WaVLdTAg5T4xi3VB5PMI7GkAv3np9Usa2+uTMglbMcDDAdYXzUNgAzzYLoSWku/e007vkKfvSotzoriSKt4Q==

Here’s the has for the password password:

6adUhnNqVQr0/qhh4jeDBcSlVaBQlN7h3KL2iv6knMOlDo3m6hMepSExH01vsFShRugoL441/y5jaMGmLpCXFg==

Notice how the thing the website should be storing in their database is exactly the same length, regardless of the input?

For extra fun, here’s the hash for your sample password:

GbxnrQ31PInMSu2ik2ZR5TefgXIInSJBxZ5zwcYmkRxzw07tZoxPqJbEmcbuTBpzCZzwLrqqcxz04p8ToGszRQ==

Here’s a tool to generate your own hashes: https://www.liavaag.org/English/SHA-Generator/

If/When Lemmy and other federated services grow to the point that’s an issue in major search engines, said search engines should be smart enough to group and/or suppress mirrored results.

You can see that sort of thing in Google now for major sites like Reddit and StackOverflow, though it’s more along the lines of “the same question in a different post”.

You can also, in the interim, just pick an instance and add, site:lemm.world or whatever instead of just “lemmy”.