diff --git a/resources/static/common/js/browserid.js b/resources/static/common/js/browserid.js
index 5f662387697380a5bbeb9639d4d2260842fa1be3..cf4e9f167e4bfcf838ef80abcf7a775e91b7a453 100644
--- a/resources/static/common/js/browserid.js
+++ b/resources/static/common/js/browserid.js
@@ -14,6 +14,10 @@
     // no sense since no component of this is 128 bits
     // so making this 160 as per DSA 1024/160
     // EXCEPT, for backwards compatibility this is still 128 for now
-    KEY_LENGTH: 128
+    KEY_LENGTH: 128,
+
+    PASSWORD_MIN_LENGTH: 8,
+    PASSWORD_MAX_LENGTH: 80
+
   });
 }());
diff --git a/resources/static/common/js/user.js b/resources/static/common/js/user.js
index 5438da17921fa3b5a5889d8a37a58614b51af0a0..babc592290d3ce01c4e62e3c36aad20757d842eb 100644
--- a/resources/static/common/js/user.js
+++ b/resources/static/common/js/user.js
@@ -836,6 +836,14 @@ BrowserID.User = (function() {
      * @param {function} [onFailure] - Called on error.
      */
     authenticate: function(email, password, onComplete, onFailure) {
+      // password is out of length range.  Don't even send the request
+      // and waste backend cycles. See issue #2032.
+      if (password.length < bid.PASSWORD_MIN_LENGTH
+       || password.length > bid.PASSWORD_MAX_LENGTH) {
+        complete(onComplete, false);
+        return;
+      }
+
       network.authenticate(email, password, function(authenticated) {
         setAuthenticationStatus(authenticated);
 
diff --git a/resources/static/test/cases/common/js/user.js b/resources/static/test/cases/common/js/user.js
index 1911f69a256b1623c871483d2c706c4345c1c3fd..f39ed418c20b87b8fd73f881e1f965cfcfb44aeb 100644
--- a/resources/static/test/cases/common/js/user.js
+++ b/resources/static/test/cases/common/js/user.js
@@ -630,6 +630,22 @@
   });
 
 
+  asyncTest("authenticate with too short a password - user not authenticated", function() {
+    var password = testHelpers.generateString(bid.PASSWORD_MIN_LENGTH - 1);
+    lib.authenticate(TEST_EMAIL, password, function onComplete(authenticated) {
+      equal(false, authenticated, "invalid authentication.");
+      start();
+    }, testHelpers.unexpectedXHRFailure);
+  });
+
+  asyncTest("authenticate with too long a password - user not authenticated", function() {
+    var password = testHelpers.generateString(bid.PASSWORD_MAX_LENGTH + 1);
+    lib.authenticate(TEST_EMAIL, password, function onComplete(authenticated) {
+      equal(false, authenticated, "invalid authentication.");
+      start();
+    }, testHelpers.unexpectedXHRFailure);
+  });
+
   asyncTest("authenticate with invalid credentials", function() {
     xhr.useResult("invalid");
     lib.authenticate(TEST_EMAIL, "testuser", function onComplete(authenticated) {