diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 5721171f..04878b54 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -74,6 +74,8 @@ defmodule Auth.Person do
 def password_new_changeset(attrs) do
 %Person{}
 |> cast(attrs, [:email, :password])
+ |> validate_required([:password])
+ |> validate_length(:password, min: 8)
 end
 
 @doc """
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 820765ff..291ce0f0 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -301,8 +301,20 @@ defmodule AuthWeb.AuthController do
 def password_create(conn, params) do
 p = params["person"]
 email = Auth.Person.decrypt_email(p["email"])
- person = Auth.Person.upsert_person(%{email: email, password: p["password"]})
- redirect_or_render(conn, person, p["state"])
+ changeset = Auth.Person.password_new_changeset(%{email: email, password: p["password"]})
+
+ if changeset.valid? do
+ person = Auth.Person.upsert_person(%{email: email, password: p["password"]})
+ redirect_or_render(conn, person, p["state"])
+ else
+ conn
+ |> assign(:action, Routes.auth_path(conn, :password_create))
+ |> render("password_create.html",
+ changeset: changeset,
+ state: p["state"],
+ email: p["email"]
+ )
+ end
 end
 
 @doc """
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 4096e089..10745e41 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
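Review bot: `validate_length(:password, min: 8)` in `password_new_changeset/1` (lib/auth/person.ex) sets no upper bound, so a password of any size the request parser accepts goes on to whatever hashing `upsert_person` performs, which is not visible in this diff. Adding a cap keeps hashing cost bounded and avoids silent truncation if the hash has an input limit, for example `|> validate_length(:password, min: 8, max: 128)` with the maximum chosen to suit the hash in use. Only `:password` is required while `:email` is cast without a presence check; if this changeset is meant to gate account creation, `validate_required([:email, :password])` may be what is wanted.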
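Review bot: In `password_create/2` (lib/auth_web/controllers/auth_controller.ex) the length rule is checked on a separate changeset and `upsert_person` is then called with the raw params again, so the rule holds only for this one call site; unless `upsert_person` applies the same validations internally (not shown here), any other caller can still store a short password. Enforcing the rule in the changeset that `upsert_person` persists would keep the check and the write together. In the `else` branch the changeset is rendered with no `action` set, and Phoenix form helpers normally hide errors in that state, so the user may see the form again with no explanation; `changeset: %{changeset | action: :insert},` would make the message visible. The new test in auth_controller_test.exs asserts only that the page contains "Password", which would pass whether or not the error is shown.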
@@ -274,6 +274,18 @@ defmodule AuthWeb.AuthControllerTest do
 assert html_response(conn, 200) =~ "Welcome"
 end
 
+ test "password_create/2 display form when password not valid", %{conn: conn} do
+ params = %{
+ "person" => %{
+ "email" => AuthWeb.ApikeyController.encrypt_encode("anabela@mail.com"),
+ "password" => "short"
+ }
+ }
+
+ conn = post(conn, "/auth/password/create", params)
+ assert html_response(conn, 200) =~ "Password"
+ end
+
 test "verify_email/2 verify an email address", %{conn: conn} do
 person = %{email: "anabela@mail.com", auth_provider: "email"}