I't because they are still storing passwords in cleartext... If they were hashing passwords (which is the correct way to do it) there would be no limit.
That is simply not true. I used to think the same but real world experience showed me that a lot of websites hash the passwords but they still set a limit to password length. You should read this : https://www.reddit.com/r/gfycat/comments/2m7ddd/how_does_gfy...