how to launch website

Date: 13-07-2023

I understand that password storage generally uses hashing for security due to it being irreversible and that the stored hash is just compared to the hash of the password inputed by a user attempting to log in. As hashes are fixed length, does that mean that even if not specified when creating the password, all login systems would need to have some sort of maximum input length (although probably very high)? Allowing inputs larger than the output length would risk collision. This would mean that 2 different passwords could be hashed and appear to match.