diff --git a/auth.py b/auth.py
index 0bdacc5..f7a294d 100644
--- a/auth.py
+++ b/auth.py
@@ -94,13 +94,13 @@ def save_users(data_dir: Path, users: dict[str, dict]):
 def hash_password(password: str) -> str:
- """Hash a password."""
- return pwd_context.hash(password)
+ """Hash a password (truncate to 72 bytes for bcrypt)."""
+ return pwd_context.hash(password[:72])
 def verify_password(plain_password: str, hashed_password: str) -> bool:
 """Verify a password against its hash."""
- return pwd_context.verify(plain_password, hashed_password)
+ return pwd_context.verify(plain_password[:72], hashed_password)
 def create_user(data_dir: Path, username: str, password: str, email: Optional[str] = None) -> User:
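Review bot: `password[:72]` in hash_password and `plain_password[:72]` in verify_password slice by characters, not bytes, while the new docstring and bcrypt's limit are both in bytes, so a password containing non-ASCII characters can still exceed 72 bytes once UTF-8 encoded. If the limit has to be enforced at this layer, truncate the encoded form in both functions, e.g. `pwd_context.hash(password.encode("utf-8")[:72])` and the matching `pwd_context.verify(plain_password.encode("utf-8")[:72], hashed_password)`; this assumes pwd_context is a passlib CryptContext, which accepts bytes, and that should be confirmed. Silent truncation also means any two passwords that share their first 72 bytes verify against the same hash. Rejecting over-long passwords where they are set, or moving to a pre-hashing scheme such as passlib's `bcrypt_sha256` with a migration path for existing hashes, would avoid that. Whichever is chosen, a comment along the lines of `# hash and verify must apply the identical length rule or long passwords stop verifying` would help the next maintainer.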