diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php
index 0b069925..6fa35af5 100644
--- a/app/Http/Controllers/SetupController.php
+++ b/app/Http/Controllers/SetupController.php
@@ -60,7 +60,7 @@ class SetupController extends Controller
 {
 $this->validate($request, [
 'email' => 'required|email',
- 'password' => 'required|min:8|max:16|confirmed',
+ 'password' => 'required|min:8|max:32|confirmed',
 'site_name' => 'required'
 ]);
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index bf047123..c4a745bd 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -113,7 +113,7 @@ class UserController extends Controller
 switch ($action) {
 case 'nickname':
 $this->validate($request, [
- 'new_nickname' => 'required|nickname|max:255'
+ 'new_nickname' => 'required|no_special_chars|max:255'
 ]);
 $nickname = $request->input('new_nickname');
@@ -127,8 +127,8 @@ class UserController extends Controller
 case 'password':
 $this->validate($request, [
- 'current_password' => 'required|min:6|max:16',
- 'new_password' => 'required|min:8|max:16'
+ 'current_password' => 'required|min:6|max:32',
+ 'new_password' => 'required|min:8|max:32'
 ]);
 if (! $this->user->verifyPassword($request->input('current_password')))
@@ -149,7 +149,7 @@ class UserController extends Controller
 case 'email':
 $this->validate($request, [
 'new_email' => 'required|email',
- 'password' => 'required|min:6|max:16'
+ 'password' => 'required|min:6|max:32'
 ]);
 if ($users->get($request->input('new_email'), 'email')) {
@@ -171,7 +171,7 @@ class UserController extends Controller
 case 'delete':
 $this->validate($request, [
- 'password' => 'required|min:6|max:16'
+ 'password' => 'required|min:6|max:32'
 ]);
 if (! $this->user->verifyPassword($request->input('password')))
diff --git a/tests/UserControllerTest.php b/tests/UserControllerTest.php
index 0821f571..dcfcf2c6 100644
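Review bot: In SetupController.php the `password` rule still carries a hard upper bound, now `max:32`, which rejects longer passphrases; NIST SP 800-63B asks verifiers to accept at least 64 characters. If the cap is only there to bound hashing work, a wider limit such as `'password' => 'required|min:8|max:64|confirmed',` does the same job, provided the hashing behind the user model (not shown in this diff) handles input of that length. The same applies to `new_password` in the `password` case of UserController.php. The enclosing method starts and ends outside the hunk.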
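Review bot: In the `nickname` case of UserController.php, `no_special_chars` replaces `nickname`, but neither the registration nor the definition of that custom rule is part of this diff, so it cannot be confirmed here that the name resolves or that it rejects at least what `nickname` did. Laravel's validator throws on an unknown rule name instead of skipping it, so a missed registration would break this action. A comment on the rule line such as `// no_special_chars: custom rule, registered in <provider file>` would make it traceable. Whatever the rule allows, the nickname should still be escaped where it is rendered.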
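Review bot: In the `password` case of UserController.php, `current_password` keeps `min:6|max:32` ahead of `verifyPassword()`, so an account whose stored password falls outside those bounds gets a validation error and can never reach the check; whether such accounts exist depends on how passwords were set before this change. Length limits are policy for a new secret, and for the existing one `'current_password' => 'required',` is enough, with `verifyPassword()` deciding. The same applies to `password` in the `email` and `delete` cases. The `switch` body continues outside these hunks.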
--- a/tests/UserControllerTest.php
+++ b/tests/UserControllerTest.php
@@ -173,7 +173,8 @@ class UserControllerTest extends TestCase
 // Too short current password
 $this->post('/user/profile', [
 'action' => 'password',
- 'current_password' => '1'
+ 'current_password' => '1',
+ 'new_password' => '12345678'
 ], [
 'X-Requested-With' => 'XMLHttpRequest'
 ])->seeJson([
@@ -184,12 +185,13 @@ class UserControllerTest extends TestCase
 // Too long current password
 $this->post('/user/profile', [
 'action' => 'password',
- 'current_password' => str_random(17)
+ 'current_password' => str_random(33),
+ 'new_password' => '12345678'
 ], [
 'X-Requested-With' => 'XMLHttpRequest'
 ])->seeJson([
 'errno' => 1,
- 'msg' => trans('validation.max.string', ['attribute' => 'current password', 'max' => 16])
+ 'msg' => trans('validation.max.string', ['attribute' => 'current password', 'max' => 32])
 ]);
 // Too short new password
@@ -208,12 +210,12 @@ class UserControllerTest extends TestCase
 $this->post('/user/profile', [
 'action' => 'password',
 'current_password' => '12345678',
- 'new_password' => str_random(17)
+ 'new_password' => str_random(33)
 ], [
 'X-Requested-With' => 'XMLHttpRequest'
 ])->seeJson([
 'errno' => 1,
- 'msg' => trans('validation.max.string', ['attribute' => 'new password', 'max' => 16])
+ 'msg' => trans('validation.max.string', ['attribute' => 'new password', 'max' => 32])
 ]);
 // Wrong old password
@@ -283,12 +285,12 @@ class UserControllerTest extends TestCase
 $this->post('/user/profile', [
 'action' => 'email',
 'new_email' => 'a@b.c',
- 'password' => str_random(17)
+ 'password' => str_random(33)
 ], [
 'X-Requested-With' => 'XMLHttpRequest'
 ])->seeJson([
 'errno' => 1,
- 'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 16])
+ 'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 32])
 ]);
 // Use a duplicated email
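Review bot: The updated too-long cases only assert that a 33-character value is rejected; nothing asserts that a value of 17 to 32 characters is now accepted, which is the behaviour this commit introduces. In the `password` action, a case posting `'new_password' => str_random(32)` with a valid `current_password` and asserting that no `validation.max.string` error comes back would pin the boundary. The same gap exists for `password` in the `email` and `delete` cases. The test methods start and end outside these hunks.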
@@ -356,12 +358,12 @@ class UserControllerTest extends TestCase
 // Too long current password
 $this->post('/user/profile', [
 'action' => 'delete',
- 'password' => str_random(17)
+ 'password' => str_random(33)
 ], [
 'X-Requested-With' => 'XMLHttpRequest'
 ])->seeJson([
 'errno' => 1,
- 'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 16])
+ 'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 32])
 ]);
 // Wrong password