diff --git a/packages/accounts-password/package.js b/packages/accounts-password/package.js
index c5656d6990..9109e5cc93 100644
--- a/packages/accounts-password/package.js
+++ b/packages/accounts-password/package.js
@@ -5,7 +5,7 @@ Package.describe({
   // 2.2.x in the future. The version was also bumped to 2.0.0 temporarily
   // during the Meteor 1.5.1 release process, so versions 2.0.0-beta.2
   // through -beta.5 and -rc.0 have already been published.
-  version: "1.7.0"
+  version: "1.7.1"
 });
 
 Package.onUse(api => {
diff --git a/packages/accounts-password/password_server.js b/packages/accounts-password/password_server.js
index 2076985362..c09b7bb5f8 100644
--- a/packages/accounts-password/password_server.js
+++ b/packages/accounts-password/password_server.js
@@ -277,8 +277,10 @@ const userQueryValidator = Match.Where(user => {
 });
 
 const passwordValidator = Match.OneOf(
-  String,
-  { digest: String, algorithm: String }
+  Match.Where(str => Match.test(str, String) && str.length <= Meteor.settings?.packages?.accounts?.passwordMaxLength || 256), {
+    digest: Match.Where(str => Match.test(str, String) && str.length === 64),
+    algorithm: Match.OneOf('sha-256')
+  }
 );
 
 // Handler to login with a password.