diff --git a/internal/handler/auth.go b/internal/handler/auth.go
index f0b9ef3..b746abd 100644
--- a/internal/handler/auth.go
+++ b/internal/handler/auth.go
@@ -43,6 +43,11 @@ func (h *Handler) RegisterPost(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if len(register.Password) < 8 {
+		badRequest(w, errors.New("password must be at least 8 characters long"))
+		return
+	}
+
 	hashedPassword, err := bcrypt.GenerateFromPassword(
 		[]byte(register.Password),
 		bcrypt.DefaultCost,