diff --git a/admin_manual/configuration_server/harden_server.rst b/admin_manual/configuration_server/harden_server.rst index 3247bbf16..b1f0bdf30 100644 --- a/admin_manual/configuration_server/harden_server.rst +++ b/admin_manual/configuration_server/harden_server.rst @@ -15,6 +15,11 @@ run ownCloud Server on Apache2 on a Linux environment. critical security-relevant options are missing. However, it is still up to the server administrator to review and maintain system security. +Limit on Password Length +------------------------ + +ownCloud uses the bcrypt algorithm and thus for security and performance reasons, e.g. Denial of Service as CPU demand increases exponentially, it only verifies the first 72 characters of passwords. This applies to all passwords that you use in ownCloud: user passwords, passwords on link shares, and passwords on external shares. + Operating system ----------------
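Review bot: The sentence added under "Limit on Password Length" gives a muddled reason for the cutoff. "for security and performance reasons, e.g. Denial of Service as CPU demand increases exponentially" reads as if hashing cost grows exponentially with password length, and the paragraph never states the practical consequence for the reader. Suggest splitting it in two: one sentence saying plainly that only the first 72 characters are verified, so passwords that share their first 72 characters are treated as the same password, and one sentence giving the reason. Please also say whether the limit is counted in characters or in bytes, since bcrypt operates on bytes and a password containing multi-byte characters would reach the limit sooner than 72 characters.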