diff --git a/commafeed-server/src/main/java/com/commafeed/frontend/model/request/AdminSaveUserRequest.java b/commafeed-server/src/main/java/com/commafeed/frontend/model/request/AdminSaveUserRequest.java
index 8faf458d..0548ff5c 100644
--- a/commafeed-server/src/main/java/com/commafeed/frontend/model/request/AdminSaveUserRequest.java
+++ b/commafeed-server/src/main/java/com/commafeed/frontend/model/request/AdminSaveUserRequest.java
@@ -4,6 +4,8 @@ import java.io.Serializable;
 import org.eclipse.microprofile.openapi.annotations.media.Schema;
+import com.commafeed.security.password.ValidPassword;
+
 import lombok.Data;
 @SuppressWarnings("serial")
@@ -21,6 +23,7 @@ public class AdminSaveUserRequest implements Serializable {
 private String email;
 @Schema(description = "user password")
+ @ValidPassword
 private String password;
 @Schema(description = "account status", required = true)
diff --git a/commafeed-server/src/main/java/com/commafeed/frontend/model/request/RegistrationRequest.java b/commafeed-server/src/main/java/com/commafeed/frontend/model/request/RegistrationRequest.java
index 64f148e7..be75474a 100644
--- a/commafeed-server/src/main/java/com/commafeed/frontend/model/request/RegistrationRequest.java
+++ b/commafeed-server/src/main/java/com/commafeed/frontend/model/request/RegistrationRequest.java
@@ -22,7 +22,7 @@ public class RegistrationRequest implements Serializable {
 @Size(min = 3, max = 32)
 private String name;
- @Schema(description = "password, minimum 6 characters", required = true)
+ @Schema(description = "password", required = true)
 @NotEmpty
 @ValidPassword
 private String password;
diff --git a/commafeed-server/src/main/java/com/commafeed/frontend/resource/AdminREST.java b/commafeed-server/src/main/java/com/commafeed/frontend/resource/AdminREST.java
index 199c38db..e077d115 100644
--- a/commafeed-server/src/main/java/com/commafeed/frontend/resource/AdminREST.java
+++ b/commafeed-server/src/main/java/com/commafeed/frontend/resource/AdminREST.java
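Review bot: `@ValidPassword` on `password` in the second hunk of AdminSaveUserRequest.java has no `@NotEmpty` beside it, unlike the same field in RegistrationRequest, so whether an admin request that omits the password still validates depends on how the validator treats null, which is not visible here. If the field is meant to stay optional when an existing user is updated, the validator has to accept null, and the field deserves a comment along the lines of `// optional on update; a non-null value must satisfy the password policy`. If a password is mandatory when a new user is created, that requirement is not expressed by this constraint and must be enforced in the resource method instead.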
@@ -9,6 +9,7 @@ import java.util.Set;
 import jakarta.annotation.security.RolesAllowed;
 import jakarta.inject.Singleton;
 import jakarta.transaction.Transactional;
+import jakarta.validation.Valid;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.POST;
@@ -65,7 +66,7 @@ public class AdminREST {
 @Operation(
 summary = "Save or update a user",
 description = "Save or update a user. If the id is not specified, a new user will be created")
- public Response adminSaveUser(@Parameter(required = true) AdminSaveUserRequest req) {
+ public Response adminSaveUser(@Valid @Parameter(required = true) AdminSaveUserRequest req) {
 Preconditions.checkNotNull(req);
 Preconditions.checkNotNull(req.getName());
diff --git a/commafeed-server/src/test/java/com/commafeed/integration/rest/AdminIT.java b/commafeed-server/src/test/java/com/commafeed/integration/rest/AdminIT.java
index e56d8b89..c596cc25 100644
--- a/commafeed-server/src/test/java/com/commafeed/integration/rest/AdminIT.java
+++ b/commafeed-server/src/test/java/com/commafeed/integration/rest/AdminIT.java
@@ -9,8 +9,8 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
-import com.commafeed.backend.model.User;
 import com.commafeed.frontend.model.UserModel;
+import com.commafeed.frontend.model.request.AdminSaveUserRequest;
 import com.commafeed.frontend.model.request.IDRequest;
 import com.commafeed.integration.BaseIT;
@@ -51,10 +51,11 @@ class AdminIT extends BaseIT {
 }
 private long createUser() {
- User user = new User();
+ AdminSaveUserRequest user = new AdminSaveUserRequest();
 user.setName("test");
- user.setPassword("test".getBytes());
+ user.setPassword("Test1234!");
 user.setEmail("test@test.com");
+ user.setEnabled(true);
 String response = RestAssured.given()
 .body(user)
 .contentType(ContentType.JSON)
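Review bot: The two `Preconditions.checkNotNull` calls directly after the new `@Valid` parameter in adminSaveUser still report a missing body or name through a NullPointerException, so this endpoint now has two different failure paths for bad input. `@Valid` alone does not reject a null argument, so consider `@Valid @NotNull @Parameter(required = true) AdminSaveUserRequest req` together with `@NotEmpty` on `name` in AdminSaveUserRequest, which would let every input error surface as a constraint violation. How the NullPointerException is mapped to an HTTP status is not visible in this hunk. The method body continues outside the hunk.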
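Review bot: createUser in AdminIT only exercises the accepted case with `Test1234!`; nothing in this hunk asserts that the admin endpoint now rejects a password that fails `@ValidPassword`, which is the behaviour this commit introduces. A companion test that sends the same request with a non-compliant password and expects a client-error status would catch the `@Valid` annotation being dropped in a later refactor. A second case that updates an existing user without a password would pin down whether null is accepted. createUser continues past the end of the hunk.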