diff --git a/src/MicroweberPackages/User/Models/User.php b/src/MicroweberPackages/User/Models/User.php index 69ad349a99f..1bd52baae8c 100644 --- a/src/MicroweberPackages/User/Models/User.php +++ b/src/MicroweberPackages/User/Models/User.php @@ -169,8 +169,8 @@ public function getValidatorMessages() public function validateAndFill($data) { if (!empty($data['password']) && !empty($data['verify_password'])) { - $this->rules['password'] = 'required|min:1'; - $this->rules['verify_password'] = 'required|same:password'; + $this->rules['password'] = 'required|min:1|max:50'; + $this->rules['verify_password'] = 'required|same:password|min:1|max:50'; } $requireUsername = false; @@ -182,6 +182,7 @@ public function validateAndFill($data) $this->rules['username'] = [ 'required', 'min:1', + 'max:50', Rule::unique('users', 'username')->ignore($data['id'], 'id') ]; } diff --git a/src/MicroweberPackages/User/UserManager.php b/src/MicroweberPackages/User/UserManager.php index eaeb57d5803..50a9ebf4629 100644 --- a/src/MicroweberPackages/User/UserManager.php +++ b/src/MicroweberPackages/User/UserManager.php @@ -738,18 +738,14 @@ public function save($params) } } if ($force == false) { - if (!is_cli()) { $validate_token = mw()->user_manager->csrf_validate($params); - if ($validate_token == false) { - return array( 'error' => _e('Confirm edit of profile', true), 'form_data_required' => 'token', 'form_data_module' => 'users/profile/confirm_edit' ); - } } @@ -832,9 +828,14 @@ public function save($params) $data_to_save = $this->app->format->clean_xss($data_to_save); + if (isset($data_to_save['password2'])) { + $data_to_save['verify_password'] = $data_to_save['password2']; + } + $checkValidator = $user->validateAndFill($data_to_save); $getValidatorMessages = $user->getValidatorMessages(); + if ($checkValidator) { if (isset($data_to_save['id'])) { diff --git a/src/MicroweberPackages/User/routes/api.php b/src/MicroweberPackages/User/routes/api.php index e323bc458ab..25cb069ad77 100644 
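Review bot: The new `max:50` limit on `password` in `validateAndFill()` is registered only when both `password` and `verify_password` are non-empty, so a request that carries `password` alone never gets the length rule. The second `save()` hunk in UserManager.php has the same gap, because it copies `password2` into `verify_password` only when `password2` is set. Whether a password can be stored without the confirmation field is not visible in these hunks; if it can, the cap is skipped on that path. Consider registering the length rule on its own, `if (!empty($data['password'])) { $this->rules['password'] = 'required|min:1|max:50'; }`, and keeping only `required|same:password` behind the confirmation check, where `min:1|max:50` is redundant. Both function bodies continue outside the hunks.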
--- a/src/MicroweberPackages/User/routes/api.php +++ b/src/MicroweberPackages/User/routes/api.php @@ -71,7 +71,9 @@ if(!is_logged()){ App::abort(403, 'Unauthorized action.'); } + $input = Input::all(); + return save_user($input); })->middleware(['api']);