diff --git a/packages/backend-core/src/security/auth.ts b/packages/backend-core/src/security/auth.ts
index 2488d67654..3bcecd9e11 100644
--- a/packages/backend-core/src/security/auth.ts
+++ b/packages/backend-core/src/security/auth.ts
@@ -1,4 +1,5 @@
 const MIN_LENGTH = 8
+const MAX_LENGTH = 100
 export function validatePassword(
 password: string
@@ -10,5 +11,12 @@ export function validatePassword(
 }
 }
+ if (password.length > MAX_LENGTH) {
+ return {
+ valid: false,
+ error: "Password invalid. Maximum hundred characters.",
+ }
+ }
+
 return { valid: true }
 }
diff --git a/packages/backend-core/src/security/tests/auth.spec.ts b/packages/backend-core/src/security/tests/auth.spec.ts
index c72310da24..7be049ae1a 100644
--- a/packages/backend-core/src/security/tests/auth.spec.ts
+++ b/packages/backend-core/src/security/tests/auth.spec.ts
@@ -1,3 +1,4 @@
+import { generator } from "../../../tests"
 import { validatePassword } from "../auth"
 describe("auth", () => {
@@ -16,5 +17,15 @@ describe("auth", () => {
 error: "Password invalid. Minimum eight characters.",
 })
 })
+
+ it.each([
+ generator.word({ length: 101 }),
+ generator.paragraph().substring(0, 101),
+ ])("limit password length", password => {
+ expect(validatePassword(password as string)).toEqual({
+ valid: false,
+ error: "Password invalid. Maximum hundred characters.",
+ })
+ })
 })
 })
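Review bot: In `validatePassword` (auth.ts, second hunk) the new upper bound compares `password.length`, which counts UTF-16 code units, so it limits neither the characters a user sees nor the bytes that reach the password hash. A 100-unit password of non-ASCII characters can encode to as many as three times that many UTF-8 bytes, and if the hash in use truncates its input (bcrypt stops at 72 bytes; which hash backs this is not visible here) the tail of an accepted password would add no strength. If the cap is meant to bound hashing work or match a hash input limit, compare bytes instead, e.g. `if (Buffer.byteLength(password, "utf8") > MAX_LENGTH) {`, and confirm that the login path also rejects over-long input before hashing, since this diff only shows the validator. The message spells out "hundred" rather than deriving it from `MAX_LENGTH`, so the two will drift if the constant changes. The function's signature and minimum-length check sit above the hunk.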
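Review bot: The new `it.each` in auth.spec.ts (last hunk) only exercises 101-character inputs, so nothing pins the boundary itself: a regression from `>` to `>=` in `validatePassword` would still pass. Add the accepting case next to it, e.g. `expect(validatePassword("a".repeat(100))).toEqual({ valid: true })`. Prefer fixed strings such as `"a".repeat(101)` over `generator.paragraph().substring(0, 101)`, which is only 101 characters long if the generated paragraph happens to be at least that long (likely, but nothing visible here guarantees it). Random inputs also make a failing run harder to reproduce. The enclosing `describe` blocks open above the hunk.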