diff --git a/routers/secure/user.go b/routers/secure/user.go
index fd9a773c3..8567dc9e6 100755
--- a/routers/secure/user.go
+++ b/routers/secure/user.go
@@ -88,7 +88,7 @@ func CreateUser(ctx *context.Context, form api.CreateUserOption) {
 	if ctx.Written() {
 		return
 	}
-	if !password.IsComplexEnough(form.Password) {
+	if !password.IsComplexEnough(form.Password) || len(form.Password) < setting.MinPasswordLength {
 		log.Error("CreateUser failed: PasswordComplexity", ctx.Data["MsgID"])
 		ctx.JSON(http.StatusBadRequest, map[string]string{
 			"error_msg": "PasswordComplexity",