When the end-user resets their password, in the account settings, they can set up to only to the maximum of 64 characters. I believe that if we're going to set a maximum limit for password creation, then the limit needs to be at least 128, not 64.
Also, when I autofilled the new password I wanted on my account with Bitwarden, Cloudreve let that slip through and allow the 128 character password that was set. However, this means when logging in, an "Invalid input parameters (Password too long)." error will occur. Cloudreve needs to check the actual limit before submitting it to the database.
Edit: I should note that I'm also on 4.0.0-beta.8 while testing some things, especially the password situation.