<input type="password" .../> fields within login & 'change password' forms should have 'maxlength' specified as the real maximum length of a password. This would allow users using password hashes like SHAPass to choose correct parameters without having to see 'Password Too Long' error.
In bugzilla-3, the maximum password length restriction has been removed. I'll close this as WONTFIX later.