diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index 85461a346c..142c72bada 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -97,6 +97,9 @@
 				return res.redirect(nconf.get('relative_path') + '/register' + (err.message ? '?error=' + err.message : ''));
 			}
 
+			delete userData['password-confirm'];
+			delete userData['_csrf'];
+
 			user.create(userData, function(err, uid) {
 				if (err || !uid) {
 					return res.redirect(nconf.get('relative_path') + '/register');
diff --git a/src/user/create.js b/src/user/create.js
index 48e47ee8ce..32ca116f12 100644
--- a/src/user/create.js
+++ b/src/user/create.js
@@ -39,8 +39,8 @@ module.exports = function(User) {
 				next((!utils.isUserNameValid(userData.username) || !userData.userslug) ? new Error('[[error:invalid-username]]') : null);
 			},
 			function(next) {
-				if (userData.password) {
-					next(!utils.isPasswordValid(userData.password) ? new Error('[[error:invalid-password]]') : null);
+				if (password) {
+					next(!utils.isPasswordValid(password) ? new Error('[[error:invalid-password]]') : null);
 				} else {
 					next();
 				}