=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java 2013-12-19 11:50:58 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java 2013-12-19 12:07:47 +0000
@@ -378,6 +378,24 @@
 return objectMapper.writeValueAsString( result );
 }
+ if ( password == null || !ValidationUtils.passwordIsValid( password ) )
+ {
+ response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
+ result.put( "status", "PASSWORD_INVALID" );
+ result.put( "message", "Password is not specified or invalid" );
+
+ return objectMapper.writeValueAsString( result );
+ }
+
+ if ( password.trim().equals( username.trim() ) )
+ {
+ response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
+ result.put( "status", "PASSWORD_EQUAL_TO_USERNAME" );
+ result.put( "message", "Password cannot be equal to username" );
+
+ return objectMapper.writeValueAsString( result );
+ }
+
 String passwordEncoded = passwordManager.encodePassword( username, password );
 credentials.setPassword( passwordEncoded );
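Review bot: The username comparison in the second added check, `password.trim().equals( username.trim() )`, is case-sensitive, so a password that differs from the username only in letter case is accepted whenever it also passes `ValidationUtils.passwordIsValid`; `if ( password.trim().equalsIgnoreCase( username.trim() ) )` closes that gap. `username` is dereferenced there with no null check visible in the hunk; presumably an earlier guard covers it, but that is worth confirming because the enclosing method starts and ends outside the hunk. The comparison also runs on trimmed values while `passwordManager.encodePassword( username, password )` receives the untrimmed password, so a one-line comment stating that the trim is for comparison only would keep a later edit from assuming the stored password is normalised, e.g. `// trim() is used for the comparison only; the password is encoded as submitted`.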