diff --git a/handlers/account.go b/handlers/account.go
index b73902e..4db49fc 100644
--- a/handlers/account.go
+++ b/handlers/account.go
@@ -30,6 +30,12 @@ func APIRegister(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ if len(user.Password) > 72 {
+ log.Println("POST [api/register] User password too long")
+ http.Error(w, "Password exceeds the maximum allowed length of 72 characters", http.StatusUnprocessableEntity)
+ return
+ }
+
 hashed, err := auth.HashPassword(user.Password)
 if err != nil {
 log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
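Review bot: `len(user.Password)` in the new guard counts bytes, while the error text promises a limit of 72 characters, so a password containing multi-byte UTF-8 is rejected below 72 characters with a misleading message. The value 72 presumably mirrors the bcrypt input limit behind `auth.HashPassword` (not visible in this hunk), which is a byte limit, so keep the byte check and fix the wording, e.g. `http.Error(w, "Password exceeds the maximum allowed length of 72 bytes", http.StatusUnprocessableEntity)`, and name the constant with a comment, `const maxPasswordBytes = 72 // bcrypt ignores or rejects input past 72 bytes`. The new log line also omits `r.RemoteAddr`, which the error log a few lines below includes; adding it keeps rejected registrations attributable. APIRegister's body starts and ends outside the hunk, so whether other password-setting paths apply the same limit should be checked separately.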