diff --git a/tcms/settings/common.py b/tcms/settings/common.py
index 96fe777917..9dfed7fdf8 100644
--- a/tcms/settings/common.py
+++ b/tcms/settings/common.py
@@ -92,6 +92,25 @@
 # handler!
 AUTO_APPROVE_NEW_USERS = True
 
+# Password validation rules, see
+# https://docs.djangoproject.com/en/4.1/topics/auth/passwords/#enabling-password-validation
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+        "OPTIONS": {
+            "min_length": 10,
+        },
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+    },
+]
 
 # Set to False if you want to enforce account creation by admins.
 REGISTRATION_ENABLED = (