In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)

Possibly this indicates cleartext storage in a length-limited field (which is an absolute no-go), or suboptimal or lacking security practices.
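As an added illustration (not code from this post or from the site in question), the Python below puts the failure mode behind such a limit next to the hardened form: a constructed "legacy" store that keeps the cleartext password in a 24-character field, so it silently truncates on write and then accepts any password that matches the first 24 characters, versus a salted PBKDF2 record whose stored size is identical whether the password is 12 or 200 characters, which is why a site that hashes properly has no storage reason to cap length. The `legacy_store`/`legacy_check` names, the 24-character width and the record format are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed "legacy" store for illustration: a cleartext password column
# capped at 24 characters, the kind of limit that makes a long password
# fail (or, worse, get silently truncated).
COLUMN_WIDTH = 24


def legacy_store(password: str) -> str:
    """Mimics an INSERT into VARCHAR(24): anything past 24 chars is lost."""
    return password[:COLUMN_WIDTH]


def legacy_check(stored: str, attempt: str) -> bool:
    # The comparison happens on the truncated value, so every password that
    # shares its first 24 characters with the real one is accepted.
    return stored == attempt[:COLUMN_WIDTH]


# Hardened form: a salted, iterated hash. The output is a fixed 32 bytes
# (PBKDF2-HMAC-SHA256 here) no matter how long the input is, so no column
# limit ever has to surface to the user as "password too long".
ITERATIONS = 600_000  # OWASP's current figure for PBKDF2-HMAC-SHA256


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    # Self-describing record: "pbkdf2_sha256$<iterations>$<salt>$<hash>"
    return "$".join([
        "pbkdf2_sha256",
        str(iterations),
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    ])


def verify_password(record: str, attempt: str) -> bool:
    algo, iterations, salt_b64, hash_b64 = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"),
                                 base64.b64decode(salt_b64), int(iterations))
    # Constant-time comparison; never compare password hashes with ==
    return hmac.compare_digest(digest, base64.b64decode(hash_b64))


def record_length(password: str) -> int:
    """Stored size of the hashed record; independent of the password length."""
    return len(hash_password(password))


if __name__ == "__main__":
    real = "correct horse battery staple plus twenty more"
    near = real[:COLUMN_WIDTH] + "something completely different"
    # Legacy: the near-miss password is accepted because of truncation.
    print("legacy accepts near-miss:", legacy_check(legacy_store(real), near))
    rec = hash_password(real)
    print("hashed accepts real:", verify_password(rec, real))
    print("hashed accepts near-miss:", verify_password(rec, near))
    print("record bytes for 12 vs 200 chars:",
          record_length("x" * 12), record_length("x" * 200))
```

One legitimate reason for a length cap exists: bcrypt uses only the first 72 bytes of its input, so a site hashing with bcrypt may enforce a limit there (or pre-hash longer inputs). That limit is well above what a 24-character rejection suggests.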

  • Pika@sh.itjust.works · 2 upvotes · 2 days ago

    You absolutely should not be hashing client side. You need to securely transmit the password to the server, where it is hashed. You do not want clients knowing /how/ the password is salted/hashed. This lowers your security overall.

    • The_Decryptor@aussie.zone · 1 upvote · 21 hours ago

      If you’re doing hashing and salting on the client, then yep, it’s useless: no different from just using a hash output as a password.

      If, on the other hand, you’re doing a zero-knowledge password proof method, then it’s quite secure. As the password is never transmitted over the network, not even the server knows what it is, but it can still verify that the user has the correct one.
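The zero-knowledge password proof The_Decryptor describes is what an augmented PAKE such as SRP-6a provides. As an added example, not code from the thread, the plain-Python exchange below implements SRP-6a with both sides in one file: the server enrols only a salt and a verifier v = g^x, the client never sends the password or a hash of it (only I, A and a proof M1 cross the wire; s and B come back), and the two sides derive the same session key only if the password matched. Assumptions: the RFC 5054 1024-bit group transcribed from memory (the block checks that it really is a safe prime with g a generator before it is used), SHA-256 in place of the RFC's SHA-1, and HMAC-based proof messages instead of the RFC's M1/M2 formulas. The group size is for demonstration; a deployment would use 2048 bits or more.

```python
"""SRP-6a (an augmented PAKE): the server stores a verifier, never the password."""
import hashlib
import hmac
import secrets

# RFC 5054 Appendix A 1024-bit group, generator 2 (transcribed from memory,
# hence check_group() below validates it before anything relies on it).
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF74"
    "96EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6"
    "CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4"
    "976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
G = 2
NLEN = (N.bit_length() + 7) // 8  # 128 bytes


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; enough to validate fixed parameters."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group():
    """N must be a safe prime (N = 2q + 1) and G must generate the whole group."""
    q = (N - 1) // 2
    return is_probable_prime(N) and is_probable_prime(q) and pow(G, q, N) == N - 1


def pad(x):
    return x.to_bytes(NLEN, "big")


def h_int(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def derive_x(salt, username, password):
    # x = H(s | H(I ":" P)); only the client ever computes this.
    inner = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return h_int(salt, inner)


K_MULT = h_int(pad(N), pad(G))  # SRP-6a multiplier k = H(N | PAD(g))


def register(username, password):
    """Enrolment: the server keeps (I, s, v) with v = g^x; no password, no hash of it."""
    salt = secrets.token_bytes(16)
    return {"I": username, "s": salt, "v": pow(G, derive_x(salt, username, password), N)}


def client_start():
    a = 1 + secrets.randbits(256)
    return a, pow(G, a, N)           # A is sent to the server


def server_start(record):
    b = 1 + secrets.randbits(256)
    B = (K_MULT * record["v"] + pow(G, b, N)) % N   # B is sent to the client
    return b, B


def client_finish(username, password, a, A, salt, B):
    if B % N == 0:
        raise ValueError("server sent a degenerate B")
    u = h_int(pad(A), pad(B))
    if u == 0:
        raise ValueError("degenerate u")
    x = derive_x(salt, username, password)
    base = (B - K_MULT * pow(G, x, N)) % N       # equals g^b for an honest server
    S = pow(base, a + u * x, N)                  # g^(ab + ubx)
    K = hashlib.sha256(pad(S)).digest()
    M1 = hmac.new(K, b"client" + pad(A) + pad(B), hashlib.sha256).digest()
    return K, M1


def server_finish(record, A, b, B, M1):
    if A % N == 0:
        raise ValueError("client sent a degenerate A")
    u = h_int(pad(A), pad(B))
    S = pow(A * pow(record["v"], u, N), b, N)    # (g^a * g^(xu))^b, same exponent
    K = hashlib.sha256(pad(S)).digest()
    expected = hmac.new(K, b"client" + pad(A) + pad(B), hashlib.sha256).digest()
    return K if hmac.compare_digest(expected, M1) else None


def login(record, username, password):
    """One full exchange; returns True only if both sides agree on K."""
    a, A = client_start()
    b, B = server_start(record)
    k_client, M1 = client_finish(username, password, a, A, record["s"], B)
    k_server = server_finish(record, A, b, B, M1)
    return k_server is not None and hmac.compare_digest(k_client, k_server)


if __name__ == "__main__":
    assert check_group(), "group parameters failed validation"
    rec = register("alice", "a 40-character passphrase from a manager")
    print("right password:", login(rec, "alice", "a 40-character passphrase from a manager"))
    print("wrong password:", login(rec, "alice", "a 40-character passphrase from a managEr"))
```

Because x is only ever computed client side, a stolen database yields verifiers that still have to be brute-forced through a discrete log or an offline guess per verifier, and a network observer sees nothing derived from the password directly. The degenerate-value checks (A or B congruent to 0, u = 0) are part of the protocol and must not be skipped.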