Laravel 12 gives us the ability to reject passwords longer than 72 bytes for bcrypt, but you need to turn it on manually. Oh, and don't forget to add a validation rule, or you'll be throwing suspicious 500 server errors! 😱
https://securinglaravel.com/security-tip-limiting-bcrypt-passwords-to-72-bytes/#Laravel