diff --git a/apps/web/app/(auth)/auth/components/IsPasswordValid.tsx b/apps/web/app/(auth)/auth/components/IsPasswordValid.tsx
index 1e9c882627..75b77aef38 100644
--- a/apps/web/app/(auth)/auth/components/IsPasswordValid.tsx
+++ b/apps/web/app/(auth)/auth/components/IsPasswordValid.tsx
@@ -13,7 +13,7 @@ const PASSWORD_REGEX = {
 
 const DEFAULT_VALIDATIONS = [
   { label: "Mix of uppercase and lowercase", state: false },
-  { label: "Minimum 8 characters long", state: false },
+  { label: "Minimum 8 & Maximum 128 characters long", state: false },
   { label: "Contain at least 1 number", state: false },
 ];
 
@@ -30,7 +30,7 @@ export default function IsPasswordValid({
     let newValidations = [...DEFAULT_VALIDATIONS];
     if (password !== null) {
       newValidations = checkValidation(newValidations, 0, PASSWORD_REGEX.UPPER_AND_LOWER.test(password));
-      newValidations = checkValidation(newValidations, 1, password.length >= 8);
+      newValidations = checkValidation(newValidations, 1, password.length >= 8 && password.length <= 128);
       newValidations = checkValidation(newValidations, 2, PASSWORD_REGEX.NUMBER.test(password));
     }
     setIsValid(newValidations.every((validation) => validation.state === true));
diff --git a/apps/web/next.config.mjs b/apps/web/next.config.mjs
index 3c34b900f2..ddfaebc6e1 100644
--- a/apps/web/next.config.mjs
+++ b/apps/web/next.config.mjs
@@ -111,6 +111,15 @@ const nextConfig = {
           },
         ],
       },
+      {
+        source: "/(.*)",
+        headers: [
+          {
+            key: "X-Frame-Options",
+            value: "SAMEORIGIN",
+          },
+        ],
+      },
     ];
   },
   env: {