diff --git a/src/main/scala/gitbucket/core/controller/AccountController.scala b/src/main/scala/gitbucket/core/controller/AccountController.scala
index b7f86e294..4786bea44 100644
--- a/src/main/scala/gitbucket/core/controller/AccountController.scala
+++ b/src/main/scala/gitbucket/core/controller/AccountController.scala
@@ -40,7 +40,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
   val newForm = mapping(
     "userName"    -> trim(label("User name"    , text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
-    "password"    -> trim(label("Password"     , text(required, maxlength(20)))),
+    "password"    -> trim(label("Password"     , text(required, maxlength(20), password))),
     "fullName"    -> trim(label("Full Name"    , text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100), uniqueMailAddress()))),
     "description" -> trim(label("bio"          , optional(text()))),
@@ -49,7 +49,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   )(AccountNewForm.apply)
 
   val editForm = mapping(
-    "password"    -> trim(label("Password"     , optional(text(maxlength(20))))),
+    "password"    -> trim(label("Password"     , optional(text(maxlength(20), password)))),
     "fullName"    -> trim(label("Full Name"    , text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100), uniqueMailAddress("userName")))),
     "description" -> trim(label("bio"          , optional(text()))),
diff --git a/src/main/scala/gitbucket/core/controller/SystemSettingsController.scala b/src/main/scala/gitbucket/core/controller/SystemSettingsController.scala
index e0373c1df..caebd04b2 100644
--- a/src/main/scala/gitbucket/core/controller/SystemSettingsController.scala
+++ b/src/main/scala/gitbucket/core/controller/SystemSettingsController.scala
@@ -106,7 +106,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   val newUserForm = mapping(
     "userName"    -> trim(label("Username"     ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
-    "password"    -> trim(label("Password"     ,text(required, maxlength(20)))),
+    "password"    -> trim(label("Password"     ,text(required, maxlength(20), password))),
     "fullName"    -> trim(label("Full Name"    ,text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address" ,text(required, maxlength(100), uniqueMailAddress()))),
     "isAdmin"     -> trim(label("User Type"    ,boolean())),
@@ -117,7 +117,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   val editUserForm = mapping(
     "userName"    -> trim(label("Username"     ,text(required, maxlength(100), identifier))),
-    "password"    -> trim(label("Password"     ,optional(text(maxlength(20))))),
+    "password"    -> trim(label("Password"     ,optional(text(maxlength(20), password)))),
     "fullName"    -> trim(label("Full Name"    ,text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address" ,text(required, maxlength(100), uniqueMailAddress("userName")))),
     "isAdmin"     -> trim(label("User Type"    ,boolean())),
diff --git a/src/main/scala/gitbucket/core/util/Validations.scala b/src/main/scala/gitbucket/core/util/Validations.scala
index 13feccd95..f34a1ee7c 100644
--- a/src/main/scala/gitbucket/core/util/Validations.scala
+++ b/src/main/scala/gitbucket/core/util/Validations.scala
@@ -19,6 +19,19 @@ trait Validations {
       }
   }
 
+  /**
+   * Constraint for the password.
+   */
+  def password: Constraint = new Constraint(){
+    override def validate(name: String, value: String, messages: Messages): Option[String] =
+      if(!value.matches("[a-zA-Z0-9\\-_.]+")){
+        Some(s"${name} contains invalid character.")
+      } else {
+        None
+      }
+  }
+
+
   /**
    * Constraint for the repository identifier.
    */