[Someone]

It’s prudent to have some limit, to protect against long password DoS attacks (https://www.acunetix.com/vulnerabilities/web/long-password-d...). 63 is such a limit and long enough to allow users to pick secure passwords.