diff --git a/uffd/user/models.py b/uffd/user/models.py
index a2b8412aa6fdeaaa0b81423dbfcbed47ffc3a86b..5158b32305162f164178dee5618d9e21c44b9c6e 100644
--- a/uffd/user/models.py
+++ b/uffd/user/models.py
@@ -119,7 +119,7 @@ class User():
 		return True
 
 	def set_password(self, value):
-		if len(value) < 8:
+		if len(value) < 8 or len(value) > 256:
 			return False
 		self.newpassword = value
 		return True
diff --git a/uffd/user/templates/user.html b/uffd/user/templates/user.html
index c735e85096ee0d6fca255a380e222598e2f672da..68dcb7eaac2201bf74d5078991c97f2de8e8eb1b 100644
--- a/uffd/user/templates/user.html
+++ b/uffd/user/templates/user.html
@@ -62,7 +62,7 @@
 				<input type="password" class="form-control" id="user-password" name="password" placeholder="mail to set it will be sent" readonly>
 				{% endif %}
 				<small class="form-text text-muted">
-					At least 8 characters, no other special requirements. But please don't be stupid and use a password manager.
+					At least 8 and at most 256 characters, no other special requirements. But please don't be stupid and use a password manager.
 				</small>
 			</div>
 		</div>