diff --git a/handlers/type.go b/handlers/type.go
index 7777248..46508a5 100644
--- a/handlers/type.go
+++ b/handlers/type.go
@@ -4,23 +4,23 @@
 package handlers
 
 type userSignin struct {
-	Username string `form:"username" json:"username" validate:"required,username"`
-	Password string `form:"password" json:"password" validate:"required,password"`
+	Username string `form:"username" json:"username" validate:"required,username,gte=2"`
+	Password string `form:"password" json:"password" validate:"required,password,gte=12"`
 }
 
 type userSignup struct {
-	Username string `form:"username" json:"username" validate:"required,username"`
+	Username string `form:"username" json:"username" validate:"required,username,gte=2"`
 	Email    string `form:"email" json:"email" validate:"required,email"`
-	Password string `form:"password" json:"password" validate:"required,password"`
+	Password string `form:"password" json:"password" validate:"required,password,gte=20"`
 }
 
 // this struct is also used on update by admins, which is why the password fields are omitempty.
 // when users finish setting up, admins can no longer change their passwords.
 type userCreate struct {
-	Username       string `form:"username" json:"username" validate:"required,username"`
+	Username       string `form:"username" json:"username" validate:"required,username,gte=2"`
 	Email          string `form:"email" json:"email" validate:"required,email"`
-	Password       string `form:"password" json:"password" validate:"omitempty,password"`
-	RepeatPassword string `form:"repeatPassword" json:"repeatPassword" validate:"omitempty,repeatPassword"`
+	Password       string `form:"password" json:"password" validate:"omitempty,password,gte=20"`
+	RepeatPassword string `form:"repeatPassword" json:"repeatPassword" validate:"omitempty,repeatPassword,gte=20"`
 	IsAdmin        bool   `form:"isAdmin" json:"isAdmin" validate:"required,isAdmin"`
 	IsActive       *bool  `form:"isActive" json:"isActive" validate:"omitempty,isActive"`
 }
@@ -30,13 +30,13 @@ type userID struct {
 }
 
 type initPasswordChange struct {
-	NewPassword string `form:"new-password" validate:"required,new-password"`
+	NewPassword string `form:"new-password" validate:"required,new-password,gte=20"`
 }
 
 type hibpSearch struct {
-	Account string `form:"search" validate:"required,search"`
+	Account string `form:"search" validate:"required,search,gt=2"`
 }
 
 type hibpBreachDetail struct {
-	BreachName string `param:"name" validate:"required,name"`
+	BreachName string `param:"name" validate:"required,name,gt=0"`
 }
diff --git a/templates/manage/user-new.tmpl b/templates/manage/user-new.tmpl
index 7d0d33b..69bc9e6 100644
--- a/templates/manage/user-new.tmpl
+++ b/templates/manage/user-new.tmpl
@@ -37,13 +37,13 @@
 						<span class="absolute" role="img" aria-label="password lock icon">
 							{{ template "svg-password.tmpl" }}
 						</span>
-						<input name="password" type="password" {{if and .Data.form .Data.form.Password}}value="{{.Data.form.Password}}"{{end}} placeholder="Password" required class="block w-full px-10 py-3 required:border-blue-300 text-gray-700 bg-white border rounded-lg dark:bg-gray-900 dark:text-gray-300 dark:border-gray-600 focus:border-blue-400 dark:focus:border-blue-300 focus:ring-blue-300 focus:outline-none focus:ring focus:ring-opacity-40">
+						<input name="password" type="password" {{if and .Data.form .Data.form.Password}}value="{{.Data.form.Password}}"{{end}} placeholder="Password" minlength="20" required class="block w-full px-10 py-3 required:border-blue-300 text-gray-700 bg-white border rounded-lg dark:bg-gray-900 dark:text-gray-300 dark:border-gray-600 focus:border-blue-400 dark:focus:border-blue-300 focus:ring-blue-300 focus:outline-none focus:ring focus:ring-opacity-40">
 					</div>
 					<div class="relative flex items-center mt-4">
 						<span class="absolute" role="img" aria-label="password lock icon">
 							{{ template "svg-password.tmpl" }}
 						</span>
-						<input name="repeatPassword" type="password" {{if and .Data.form .Data.form.RepeatPassword}}value="{{.Data.form.RepeatPassword}}"{{end}} placeholder="Repeat Password" required class="block w-full px-10 py-3 required:border-blue-300 text-gray-700 bg-white border rounded-lg dark:bg-gray-900 dark:text-gray-300 dark:border-gray-600 focus:border-blue-400 dark:focus:border-blue-300 focus:ring-blue-300 focus:outline-none focus:ring focus:ring-opacity-40">
+						<input name="repeatPassword" type="password" {{if and .Data.form .Data.form.RepeatPassword}}value="{{.Data.form.RepeatPassword}}"{{end}} placeholder="Repeat Password" minlength="20" required class="block w-full px-10 py-3 required:border-blue-300 text-gray-700 bg-white border rounded-lg dark:bg-gray-900 dark:text-gray-300 dark:border-gray-600 focus:border-blue-400 dark:focus:border-blue-300 focus:ring-blue-300 focus:outline-none focus:ring focus:ring-opacity-40">
 					</div>
 					<div class="flex pt-2 px-2 items-center justify-center gap-6">
 						<div class="mb-1 block min-h-3">
diff --git a/templates/signup.tmpl b/templates/signup.tmpl
index b05be3d..3b7c3be 100644
--- a/templates/signup.tmpl
+++ b/templates/signup.tmpl
@@ -18,7 +18,7 @@
 						<span class="absolute" role="img" aria-label="person outline icon for username">
 							{{ template "svg-user.tmpl" }}
 						</span>
-						<input name="username" type="text" placeholder="Username" required class="block w-full py-3 valid:border-green-300 required:border-blue-300 text-gray-700 bg-white border rounded-lg px-11 dark:bg-gray-900 dark:text-gray-300 dark:border-gray-600 focus:border-blue-400 dark:focus:border-blue-300 focus:ring-blue-300 focus:outline-none focus:ring focus:ring-opacity-40">
+						<input name="username" type="text" placeholder="Username" minlength="2" required class="block w-full py-3 valid:border-green-300 required:border-blue-300 text-gray-700 bg-white border rounded-lg px-11 dark:bg-gray-900 dark:text-gray-300 dark:border-gray-600 focus:border-blue-400 dark:focus:border-blue-300 focus:ring-blue-300 focus:outline-none focus:ring focus:ring-opacity-40">
 					</div>
 					<div class="relative flex items-center mt-4">
 						<!-- <label class="block"> -->
@@ -35,7 +35,7 @@
 						<span class="absolute" role="img" aria-label="password lock icon">
 							{{ template "svg-password.tmpl" }}
 						</span>
-						<input name="password" type="password" placeholder="Password" required class="block w-full px-10 py-3 required:border-blue-300 text-gray-700 bg-white border rounded-lg dark:bg-gray-900 dark:text-gray-300 dark:border-gray-600 focus:border-blue-400 dark:focus:border-blue-300 focus:ring-blue-300 focus:outline-none focus:ring focus:ring-opacity-40">
+						<input name="password" type="password" placeholder="Password" required minlength="20" class="block w-full px-10 py-3 required:border-blue-300 text-gray-700 bg-white border rounded-lg dark:bg-gray-900 dark:text-gray-300 dark:border-gray-600 focus:border-blue-400 dark:focus:border-blue-300 focus:ring-blue-300 focus:outline-none focus:ring focus:ring-opacity-40">
 					</div>
 					<div class="mt-8 md:flex md:items-center">
 						<button class="w-full px-6 py-3 text-sm font-medium tracking-wide text-white capitalize transition-colors duration-300 transform bg-blue-500 rounded-lg md:w-1/2 hover:bg-blue-400 focus:outline-none focus:ring focus:ring-blue-300 focus:ring-opacity-50">