diff --git a/cps/admin.py b/cps/admin.py
index f4e5fc20..1f7937ba 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -1798,7 +1798,10 @@ def _configuration_update_helper():
 _config_checkbox(to_save, "config_password_lower")
 _config_checkbox(to_save, "config_password_upper")
 _config_checkbox(to_save, "config_password_special")
- _config_int(to_save, "config_password_min_length")
+ if 0 < int(to_save.get("config_password_min_length", "0")) < 41:
+ _config_int(to_save, "config_password_min_length")
+ else:
+ return _configuration_result(_('Password length has to be between 1 and 40'))
 reboot_required |= _config_int(to_save, "config_session")
 reboot_required |= _config_checkbox(to_save, "config_ratelimiter")
@@ -2003,6 +2006,7 @@ def _handle_edit_user(to_save, content, languages, translations, kobo_support):
 content.name = check_username(to_save["name"])
 if to_save.get("kindle_mail") != content.kindle_mail:
 content.kindle_mail = valid_email(to_save["kindle_mail"]) if to_save["kindle_mail"] else ""
+ content.password = generate_password_hash(helper.valid_password(to_save.get("password", "")))
 except Exception as ex:
 log.error(ex)
 flash(str(ex), category="error")
diff --git a/cps/helper.py b/cps/helper.py
index 11c98a14..428cbda2 100644
--- a/cps/helper.py
+++ b/cps/helper.py
@@ -612,7 +612,7 @@ def reset_password(user_id):
 if not config.get_mail_server_configured():
 return 2, None
 try:
- password = generate_random_password()
+ password = generate_random_password(config.config_password_min_length)
 existing_user.password = generate_password_hash(password)
 ub.session.commit()
 send_registration_mail(existing_user.email, existing_user.name, password, True)
@@ -622,9 +622,9 @@ def reset_password(user_id):
 return 0, None
-def generate_random_password():
+def generate_random_password(min_length):
 s = "abcdefghijklmnopqrstuvwxyz01234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%&*()?"
- passlen = 8
+ passlen = min_length
 return "".join(s[c % len(s)] for c in os.urandom(passlen)) 
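Review bot: The new range check in _configuration_update_helper calls `int()` on the raw form value before anything validates it, so a non-numeric `config_password_min_length` raises ValueError instead of returning the "Password length has to be between 1 and 40" result; the hunk shows no try around it, and since the function's body starts outside the hunk I cannot tell whether something further up catches it. Parse the value once into a local, treat a parse failure as out of range, and reuse that local so the form value is not converted twice.
```python
    try:
        min_length = int(to_save.get("config_password_min_length", "0"))
    except (TypeError, ValueError):
        min_length = 0  # falls into the out-of-range branch below instead of a traceback
    if 0 < min_length < 41:
        _config_int(to_save, "config_password_min_length")
    else:
        return _configuration_result(_('Password length has to be between 1 and 40'))
    # … unchanged: config_session / config_ratelimiter …
```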
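Review bot: The line added to _handle_edit_user assigns `content.password` unconditionally, so saving the edit-user form with the password field left empty runs `helper.valid_password("")` on every edit; unless that function rejects the empty string (its body is not in this diff), the stored hash is silently replaced by a hash of the empty string, and if it does reject it, an admin can no longer change any other field without also typing a new password. The change_profile hunk in web.py guards the same operation with `if to_save.get('password', "") != "":`; mirror that here with `if to_save.get("password", ""):` followed by the indented assignment. The enclosing try/except starts outside the hunk.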
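Review bot: generate_random_password now returns exactly `min_length` characters with no lower bound, and reset_password passes `config.config_password_min_length` straight through, so a stored value of 0 (the admin form enforces 1–40 only when the page is saved, and the column default is not visible here) produces `os.urandom(0)` and an empty password. Keep the previous fixed length as a floor: `passlen = max(int(min_length), 8)`. Independently, `s[c % len(s)]` over bytes is not uniform, because 256 is not a multiple of the 73-character alphabet and the digit `0` appears twice in it; `"".join(secrets.choice(s) for _ in range(passlen))` removes the first bias (needs `import secrets`, which this diff does not show). The same missing floor applies to both helper.py hunks, and the reset_password body continues outside the hunk.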
diff --git a/cps/templates/config_edit.html b/cps/templates/config_edit.html index eec4b616..265ceff3 100644 --- a/cps/templates/config_edit.html +++ b/cps/templates/config_edit.html @@ -382,7 +382,7 @@
- +
diff --git a/cps/ub.py b/cps/ub.py
index d2fb6317..c76fc0e5 100644
--- a/cps/ub.py
+++ b/cps/ub.py
@@ -55,6 +55,7 @@ from werkzeug.security import generate_password_hash from . import constants, logger + log = logger.create() session = None
@@ -845,7 +846,12 @@ def init_db(app_db_path, user_credentials=None):
 if not password:
 print("Empty password is not allowed")
 sys.exit(4)
- user.password = generate_password_hash(password)
+ try:
+ from .helper import valid_password
+ user.password = generate_password_hash(valid_password(password))
+ except Exception:
+ print("Password doesn't comply with password validation rules")
+ sys.exit(4)
 if session_commit() == "":
 print("Password for user '{}' changed".format(username))
 sys.exit(0)
diff --git a/cps/web.py b/cps/web.py
index b2c99bbe..ab3f6388 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -1255,8 +1255,8 @@ def register_post():
 if check_valid_domain(email):
 content.name = nickname
 content.email = email
- password = generate_random_password()
- content.password = generate_password_hash(password)
+ password = generate_random_password(config.config_password_min_length)
+ content.password = generate_password_hash(valid_password(password))
 content.role = config.config_default_role
 content.locale = config.config_default_locale
 content.sidebar_view = config.config_default_show
@@ -1412,7 +1412,7 @@ def change_profile(kobo_support, local_oauth_check, oauth_status, translations,
 try:
 if current_user.role_passwd() or current_user.role_admin():
 if to_save.get('password', "") != "":
- current_user.password = generate_password_hash(to_save.get("password"))
+ current_user.password = generate_password_hash(valid_password(to_save.get("password", "")))
 if to_save.get("eReader_mail", current_user.kindle_mail) != current_user.kindle_mail:
 current_user.kindle_mail = valid_email(to_save.get("eReader_mail"))
 new_email = valid_email(to_save.get("email", current_user.email))
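Review bot: In init_db the new `except Exception:` also covers `from .helper import valid_password`, so an import failure (for instance a circular import, which is presumably why the import is local) is reported to the operator as a password-policy violation, and the validator's own message — the one admin.py surfaces via `flash(str(ex))` — is thrown away. Move the import to the line above the `try` (still inside the function) and print the reason: `except Exception as ex:` / `print("Password doesn't comply with password validation rules: {}".format(ex))`. init_db's body starts and ends outside the hunk.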
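Review bot: In register_post the freshly generated random password is run through `valid_password` before hashing; if the configured policy demands particular character classes (this same diff wires up config_password_lower/upper/special in admin.py), a random draw that happens to lack one fails validation and registration fails nondeterministically, while reset_password in helper.py hashes its generated password without validating it at all. Either keep `content.password = generate_password_hash(password)` for server-generated values, or regenerate until the policy is satisfied. Separately, neither web.py hunk is accompanied by an import of `valid_password` in this diff — admin.py calls it as `helper.valid_password` and ub.py imports it locally — so unless web.py already imports it (not visible here), both this hunk and the change_profile hunk raise NameError when reached.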