diff --git a/config/initializers/devise_password_length.rb.example b/config/initializers/devise_password_length.rb.example
new file mode 100644
index 0000000..9730582
--- /dev/null
+++ b/config/initializers/devise_password_length.rb.example
@@ -0,0 +1,6 @@
+Devise.setup do |config|
+  # The following line changes the password length limits for new users. In the
+  # example below the minimum length is 12 characters, and the maximum length
+  # is 128 characters.
+  config.password_length = 12..128
+end
diff --git a/doc/security/password_length_limits.md b/doc/security/password_length_limits.md
new file mode 100644
index 0000000..dee2bcd
--- /dev/null
+++ b/doc/security/password_length_limits.md
@@ -0,0 +1,9 @@
+# Custom password length limits
+
+If you want to enforce longer user passwords you can create an extra Devise initializer with the following steps:
+
+```bash
+cd /home/git/gitlab
+sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
+sudo -u git -H editor config/initializers/devise_password_length.rb   # inspect and edit the new password length limits
+```
--
libgit2 0.21.2