Confirm if we follow all advice from authentication cheat sheet

Things like setting a maximum password length maybe a good idea for example.

https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html