diff --git a/install/package.json b/install/package.json
index 8311355969..bfe95a7a27 100644
--- a/install/package.json
+++ b/install/package.json
@@ -164,8 +164,8 @@
         "grunt-contrib-watch": "1.1.0",
         "husky": "4.3.0",
         "jsdom": "16.4.0",
-        "lint-staged": "10.5.0",
-        "mocha": "8.2.0",
+        "lint-staged": "10.5.1",
+        "mocha": "8.2.1",
         "mocha-lcov-reporter": "1.3.0",
         "nyc": "15.1.0",
         "smtp-server": "3.7.0"
diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index a14faf2758..27b3d63cf6 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -94,6 +94,10 @@ authenticationController.register = async function (req, res) {
 			throw new Error('[[user:change_password_error_match]]');
 		}
 
+		if (userData.password.length > 4096) {
+			throw new Error('[[error:password-too-long]]');
+		}
+
 		user.isPasswordValid(userData.password);
 
 		res.locals.processLogin = true;	// set it to false in plugin if you wish to just register only