diff --git a/api/src/auth/auth.service.ts b/api/src/auth/auth.service.ts
index 3878f62..83beb17 100644
--- a/api/src/auth/auth.service.ts
+++ b/api/src/auth/auth.service.ts
@@ -251,6 +251,8 @@ export class AuthService {
 )
 }
 
+ this.validatePassword(input.newPassword)
+
 const hashedPassword = await bcrypt.hash(input.newPassword, 10)
 userToUpdate.password = hashedPassword
 await userToUpdate.save()
@@ -436,9 +438,9 @@ export class AuthService {
 }
 }
 async validatePassword(password: string) {
- if (password.length < 6) {
+ if (password.length < 6 || password.length > 128) {
 throw new HttpException(
- { error: 'Password must be at least 6 characters' },
+ { error: 'Password must be between 6 and 128 characters' },
 HttpStatus.BAD_REQUEST,
 )
 }
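Review bot: The added call `this.validatePassword(input.newPassword)` in the first hunk (@@ -251) is not awaited, yet `validatePassword` is declared `async` in the second hunk, so its `HttpException` becomes a rejected promise that nothing here handles. Execution continues to `bcrypt.hash` and `userToUpdate.save()`, so a password that fails the length check is still stored and the caller never sees the 400. Change the line to `await this.validatePassword(input.newPassword)`, or drop `async` from `validatePassword`, which does no asynchronous work in the lines shown. The enclosing method starts and ends outside the hunk; the existing `await bcrypt.hash(...)` suggests it is already `async`.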
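Review bot: The new upper bound of 128 in `validatePassword` (second hunk, @@ -436) is higher than what bcrypt actually consumes: standard bcrypt implementations use only the first 72 bytes of the input, and `password.length` counts UTF-16 code units rather than bytes. Passwords beyond 72 bytes would be accepted while their tail adds nothing to the hash, assuming the `bcrypt` import used in this file behaves like the common implementations. Consider `if (password.length < 6 || Buffer.byteLength(password, 'utf8') > 72) {` with the error message adjusted to match, plus a one-line comment such as `// bcrypt ignores input past 72 bytes`. The method's closing brace lies outside the hunk.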