549
NIST proposes barring some of the most nonsensical password rules
(arstechnica.com)
This is a most excellent place for technology news and articles.
I usually do 256 characters. That's long enough that most password managers top out anyway (mine tops out at 128), and it shouldn't ever present a DOS risk. Anything much beyond that and you'll go beyond the hash length.