diff --git a/lib/plausible/auth/user.ex b/lib/plausible/auth/user.ex
index a243afa54a3d74578e927d98f565096da1961cbc..aff7c1b3b62ef2dedfd4b4748227506c78451230 100644
--- a/lib/plausible/auth/user.ex
+++ b/lib/plausible/auth/user.ex
@@ -34,6 +34,7 @@ defmodule Plausible.Auth.User do
|> cast(attrs, @required)
|> validate_required(@required)
|> validate_length(:password, min: 6, message: "has to be at least 6 characters")
+ |> validate_length(:password, max: 64, message: "cannot be longer than 64 characters")
|> validate_confirmation(:password)
|> hash_password()
|> change(trial_expiry_date: trial_expiry())
diff --git a/lib/plausible_web/templates/auth/activate.html.eex b/lib/plausible_web/templates/auth/activate.html.eex
index 3f84ced067ce23a44c811df8fd06b85841764acd..34e7a9246ae49e3d5f8cf7b7e02e084e62fdaeae 100644
--- a/lib/plausible_web/templates/auth/activate.html.eex
+++ b/lib/plausible_web/templates/auth/activate.html.eex
@@ -9,7 +9,7 @@
<div class="mt-12 flex items-stretch flex-grow">
<div>
- <%= text_input f, :code, class: "tracking-widest font-medium shadow-sm focus:ring-indigo-500 focus:border-indigo-500 block w-36 px-8 border-gray-300 dark:border-gray-500 rounded-l-md dark:text-gray-200 dark:bg-gray-900", oninput: "this.value=this.value.replace(/[^0-9]/g, ''); if (this.value.length >= 4) document.getElementById('submit').focus()", onclick: "this.select();", maxlength: "4", placeholder: "••••", style: "letter-spacing: 10px;" %>
+ <%= text_input f, :code, class: "tracking-widest font-medium shadow-sm focus:ring-indigo-500 focus:border-indigo-500 block w-36 px-8 border-gray-300 dark:border-gray-500 rounded-l-md dark:text-gray-200 dark:bg-gray-900", oninput: "this.value=this.value.replace(/[^0-9]/g, ''); if (this.value.length >= 4) document.getElementById('submit').focus()", onclick: "this.select();", maxlength: "4", placeholder: "••••", style: "letter-spacing: 10px;", required: "required" %>
</div>
<button id="submit" class="button rounded-l-none">Activate →</button>
</div>