diff --git a/esphome/components/web_server_idf/web_server_idf.cpp b/esphome/components/web_server_idf/web_server_idf.cpp
index 5971d396c4..2f4717790f 100644
--- a/esphome/components/web_server_idf/web_server_idf.cpp
+++ b/esphome/components/web_server_idf/web_server_idf.cpp
@@ -335,8 +335,7 @@ bool AsyncWebServerRequest::authenticate(const char *username, const char *passw
     return false;
   }
 
-  // Build user:pass in stack buffer (max 64 + 1 + 64 = 129 bytes typical)
-  // Use 256 bytes to handle longer credentials safely
+  // Build user:pass in stack buffer to avoid heap allocation
   constexpr size_t max_user_info_len = 256;
   char user_info[max_user_info_len];
   size_t user_len = strlen(username);