diff --git a/configs/milvus.yaml b/configs/milvus.yaml
index a464e676c6b6d..9b37e8609b507 100644
--- a/configs/milvus.yaml
+++ b/configs/milvus.yaml
@@ -820,7 +820,7 @@ common:
     # The superusers will ignore some system check processes,
     # like the old password verification when updating the credential
     superUsers: 
-    defaultRootPassword: Milvus # default password for root user
+    defaultRootPassword: "Milvus" # default password for root user. The maximum length is 72 characters, and double quotes are required.
     rbac:
       overrideBuiltInPrivilgeGroups:
         enabled: false # Whether to override build-in privilege groups
diff --git a/internal/rootcoord/root_coord.go b/internal/rootcoord/root_coord.go
index d46bb318e2caf..0222d0caa52a6 100644
--- a/internal/rootcoord/root_coord.go
+++ b/internal/rootcoord/root_coord.go
@@ -552,9 +552,13 @@ func (c *Core) Init() error {
 func (c *Core) initCredentials() error {
 	credInfo, _ := c.meta.GetCredential(c.ctx, util.UserRoot)
 	if credInfo == nil {
-		log.Debug("RootCoord init user root")
-		encryptedRootPassword, _ := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue())
-		err := c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword})
+		encryptedRootPassword, err := crypto.PasswordEncrypt(Params.CommonCfg.DefaultRootPassword.GetValue())
+		if err != nil {
+			log.Warn("RootCoord init user root failed", zap.Error(err))
+			return err
+		}
+		log.Info("RootCoord init user root")
+		err = c.meta.AddCredential(c.ctx, &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword})
 		return err
 	}
 	return nil
diff --git a/pkg/util/paramtable/component_param.go b/pkg/util/paramtable/component_param.go
index 93b5fb62191b3..3bef0a40db37f 100644
--- a/pkg/util/paramtable/component_param.go
+++ b/pkg/util/paramtable/component_param.go
@@ -656,7 +656,7 @@ like the old password verification when updating the credential`,
 	p.DefaultRootPassword = ParamItem{
 		Key:          "common.security.defaultRootPassword",
 		Version:      "2.4.7",
-		Doc:          "default password for root user",
+		Doc:          "default password for root user. The maximum length is 72 characters, and double quotes are required.",
 		DefaultValue: "Milvus",
 		Export:       true,
 	}
@@ -1336,8 +1336,15 @@ func (p *proxyConfig) init(base *BaseTable) {
 
 	p.MaxPasswordLength = ParamItem{
 		Key:          "proxy.maxPasswordLength",
-		DefaultValue: "256",
+		DefaultValue: "72", // bcrypt max length
 		Version:      "2.0.0",
+		Formatter: func(v string) string {
+			n := getAsInt(v)
+			if n <= 0 || n > 72 {
+				return "72"
+			}
+			return v
+		},
 		PanicIfEmpty: true,
 	}
 	p.MaxPasswordLength.Init(base.mgr)
diff --git a/pkg/util/paramtable/component_param_test.go b/pkg/util/paramtable/component_param_test.go
index 529ec7a2d969b..d5205e0e6b872 100644
--- a/pkg/util/paramtable/component_param_test.go
+++ b/pkg/util/paramtable/component_param_test.go
@@ -214,6 +214,12 @@ func TestComponentParam(t *testing.T) {
 
 		assert.Equal(t, int64(16), Params.DDLConcurrency.GetAsInt64())
 		assert.Equal(t, int64(16), Params.DCLConcurrency.GetAsInt64())
+
+		assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
+		params.Save("proxy.maxPasswordLength", "100")
+		assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
+		params.Save("proxy.maxPasswordLength", "-10")
+		assert.Equal(t, 72, Params.MaxPasswordLength.GetAsInt())
 	})
 
 	// t.Run("test proxyConfig panic", func(t *testing.T) {