diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index 60d231dfba..106d555992 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -209,15 +209,22 @@
 		var uid;
 		async.waterfall([
 			function(next) {
+				if (!userData.email) {
+					return next(new Error('[[error:invalid-email]]'));
+				}
+
 				if (!userData.username || userData.username.length < meta.config.minimumUsernameLength) {
 					return next(new Error('[[error:username-too-short]]'));
 				}
-				next();
-			},
-			function(next) {
-				if (!userData.username || userData.username.length > meta.config.maximumUsernameLength) {
+
+				if (userData.username.length > meta.config.maximumUsernameLength) {
 					return next(new Error('[[error:username-too-long'));
 				}
+
+				if (!userData.password || userData.password.length < meta.config.minimumPasswordLength) {
+					return next(new Error('[[user:change_password_error_length]]'));
+				}
+
 				next();
 			},
 			function(next) {
diff --git a/src/user/create.js b/src/user/create.js
index 9e873cf068..e43c612488 100644
--- a/src/user/create.js
+++ b/src/user/create.js
@@ -112,7 +112,7 @@ module.exports = function(User) {
 							groups.join('registered-users', userData.uid, next);
 						},
 						function(next) {
-							if (userData.email !== undefined) {
+							if (userData.email) {
 								db.setObjectField('email:uid', userData.email.toLowerCase(), userData.uid, next);
 								if (parseInt(userData.uid, 10) !== 1 && parseInt(meta.config.requireEmailConfirmation, 10) === 1) {
 									User.email.verify(userData.uid, userData.email);