diff --git a/CHANGES b/CHANGES
index 3965ce35d..1b686045a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1528,4 +1528,5 @@
 * Alert about configuration issues in the notification UI
 * Switching dashboard domain now updates MX, SPF records
 * Mailbox and lists UI is now always visible (but disabled) when incoming email is disabled
+* Fix issue where long passwords were not accepted
 
diff --git a/src/users.js b/src/users.js
index 9e88ae7e1..3e9a297c5 100644
--- a/src/users.js
+++ b/src/users.js
@@ -130,6 +130,7 @@ function validatePassword(password) {
     assert.strictEqual(typeof password, 'string');
 
     if (password.length < 8) return new UsersError(UsersError.BAD_FIELD, 'Password must be atleast 8 characters');
+    if (password.length > 256) return new UsersError(UsersError.BAD_FIELD, 'Password cannot be more than 256 characters');
 
     return null;
 }