diff --git a/logic/auth.go b/logic/auth.go
index 65e3a5d76..d0642cff0 100644
--- a/logic/auth.go
+++ b/logic/auth.go
@@ -282,6 +282,9 @@ func UpdateUser(userchange, user *models.User) (*models.User, error) {
 		user.UserName = userchange.UserName
 	}
 	if userchange.Password != "" {
+		if len(userchange.Password) < 5 {
+			return &models.User{}, errors.New("password requires min 5 characters")
+		}
 		// encrypt that password so we never see it again
 		hash, err := bcrypt.GenerateFromPassword([]byte(userchange.Password), 5)
 
@@ -306,8 +309,11 @@ func UpdateUser(userchange, user *models.User) (*models.User, error) {
 	}
 	user.UserGroups = userchange.UserGroups
 	user.NetworkRoles = userchange.NetworkRoles
-
-	if err := database.DeleteRecord(database.USERS_TABLE_NAME, queryUser); err != nil {
+	err = ValidateUser(user)
+	if err != nil {
+		return &models.User{}, err
+	}
+	if err = database.DeleteRecord(database.USERS_TABLE_NAME, queryUser); err != nil {
 		return &models.User{}, err
 	}
 	data, err := json.Marshal(&user)