Check that the password validation logic is the same as the front-end
https://twitter.com/guacosa/status/1149550497725988864?s=19