diff --git a/.meteor/packages b/.meteor/packages
index 808cf439..d2b5d5b8 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -7,7 +7,6 @@
 meteor-base@1.5.1             # Packages every Meteor app needs to have
 mobile-experience@1.1.0       # Packages for a great mobile UX
 mongo@1.15.0                   # The database Meteor supports right now
-blaze-html-templates@1.0.4 # Compile .html files into Meteor Blaze views
 reactive-var@1.0.11            # Reactive variable for tracker
 tracker@1.2.0                 # Meteor's client-side reactive programming library
 
@@ -36,3 +35,5 @@ oauth@2.1.2
 accounts-base@2.2.3
 accounts-oauth@1.4.1
 oauth2@1.3.1
+browser-policy-framing
+blaze-html-templates
diff --git a/.meteor/versions b/.meteor/versions
index 0b91b81d..f9540337 100644
--- a/.meteor/versions
+++ b/.meteor/versions
@@ -7,10 +7,12 @@ babel-compiler@7.9.0
 babel-runtime@1.5.1
 base64@1.0.12
 binary-heap@1.0.11
-blaze@2.5.0
-blaze-html-templates@1.2.1
+blaze@2.6.0
+blaze-html-templates@2.0.0
 blaze-tools@1.1.3
 boilerplate-generator@1.7.1
+browser-policy-common@1.0.11
+browser-policy-framing@1.1.0
 caching-compiler@1.2.2
 caching-html-compiler@1.2.1
 callback-hook@1.4.0
@@ -64,7 +66,7 @@ oauth@2.1.2
 oauth2@1.3.1
 observe-sequence@1.0.20
 ordered-dict@1.1.0
-ostrio:flow-router-extra@3.7.5
+ostrio:flow-router-extra@3.8.0
 ostrio:logger@2.1.1
 ostrio:loggerconsole@2.1.0
 promise@0.12.0
@@ -80,17 +82,16 @@ service-configuration@1.3.0
 sha@1.0.9
 shell-server@0.5.0
 socket-stream-client@0.5.0
-spacebars@1.2.0
+spacebars@1.3.0
 spacebars-compiler@1.3.1
 standard-minifier-css@1.8.1
 standard-minifier-js@2.8.0
-templating@1.4.1
+templating@1.4.2
 templating-compiler@1.4.1
-templating-runtime@1.5.0
+templating-runtime@1.6.0
 templating-tools@1.2.2
 tracker@1.2.0
 tunguska:reactive-aggregate@1.3.8
-ui@1.0.13
 underscore@1.0.10
 url@1.3.2
 webapp@1.13.1
diff --git a/imports/api/globalsettings/globalsettings.js b/imports/api/globalsettings/globalsettings.js
index 0c78b711..88d7413a 100644
--- a/imports/api/globalsettings/globalsettings.js
+++ b/imports/api/globalsettings/globalsettings.js
@@ -120,4 +120,7 @@ defaultSettings.push({
 defaultSettings.push({
   name: 'holidayRegion', description: 'settings.holiday_region', type: 'text', value: '',
 })
+defaultSettings.push({
+  name: 'XFrameOptionsOrigin', description: 'settings.xframe_options_origin', type: 'text', value: '',
+})
 export { defaultSettings, Globalsettings }
diff --git a/imports/api/timecards/server/publications.js b/imports/api/timecards/server/publications.js
index ccf0edc3..5033a705 100644
--- a/imports/api/timecards/server/publications.js
+++ b/imports/api/timecards/server/publications.js
@@ -72,7 +72,7 @@ Meteor.publish('userTimeCardsForPeriodByProjectByTask', function periodTimecards
         entries: { $push: '$$ROOT' },
       },
     },
-  ], { clientCollection: 'clientTimecards' })
+  ], { clientCollection: 'clientTimecards', specificWarnings: { objectId: false } })
 })
 Meteor.publish('myTimecardsForDate', function myTimecardsForDate({ date }) {
   check(date, String)
diff --git a/imports/startup/server/startup.js b/imports/startup/server/startup.js
index cb289d4a..9eda78b1 100644
--- a/imports/startup/server/startup.js
+++ b/imports/startup/server/startup.js
@@ -1,4 +1,5 @@
 import { AccountsAnonymous } from 'meteor/faburem:accounts-anonymous'
+import { BrowserPolicy } from 'meteor/browser-policy-framing'
 import Extensions from '../../api/extensions/extensions.js'
 import { defaultSettings, Globalsettings } from '../../api/globalsettings/globalsettings.js'
 import { getGlobalSetting } from '../../utils/frontend_helpers'
@@ -21,7 +22,7 @@ Meteor.startup(() => {
   if (getGlobalSetting('enableOpenIDConnect')) {
     import('../../utils/oidc_server').then((Oidc) => {
       Oidc.registerOidc()
-    });
+    })
   }
   for (const extension of Extensions.find({})) {
     if (extension.isActive) {
@@ -34,7 +35,9 @@ Meteor.startup(() => {
       eval(extension.server)
     }
   }
-
+  if (getGlobalSetting('XFrameOptionsOrigin')) {
+    BrowserPolicy.framing.restrictToOrigin(getGlobalSetting('XFrameOptionsOrigin'))
+  }
   if (process.env.NODE_ENV !== 'development') {
     // eslint-disable-next-line no-console
     console.log(`titra started on port ${process.env.PORT}`)
diff --git a/imports/ui/pages/register.html b/imports/ui/pages/register.html
index ce9c0d6a..4264651a 100644
--- a/imports/ui/pages/register.html
+++ b/imports/ui/pages/register.html
@@ -22,12 +22,12 @@ <h3>{{t "login.register"}}</h3>
                   <input type="email" class="form-control" id="at-field-email" name="at-field-email" placeholder="Email" autocapitalize="none" autocorrect="off" value="{{email}}">
                   <span class="help-block hide"></span>
                 </div>
-                <div class="at-input mb-3 has-feedback">
+                <div class="at-input mb-3">
                   <label class="control-label" for="at-field-password">
                     {{t "login.password"}}
                   </label>
                   <input type="password" class="form-control" id="at-field-password" name="at-field-password" placeholder="{{t 'login.password'}}" autocapitalize="none" autocorrect="off">
-                  <span class="help-block hide"></span>
+                  <div class="js-password-feedback invalid-feedback hide"></div>
                 </div>
                 <div class="at-input mb-3 has-feedback">
                   <label class="control-label" for="at-field-password_again">
diff --git a/imports/ui/pages/register.js b/imports/ui/pages/register.js
index d6128d0b..36ccbd6a 100644
--- a/imports/ui/pages/register.js
+++ b/imports/ui/pages/register.js
@@ -1,5 +1,6 @@
 import { FlowRouter } from 'meteor/ostrio:flow-router-extra'
 import { t } from '../../utils/i18n.js'
+import { validateEmail, validatePassword } from '../../utils/frontend_helpers.js' 
 import './register.html'
 
 Template.register.events({
@@ -13,6 +14,20 @@ Template.register.events({
       return
     }
     if (templateInstance.$('#at-field-email').val() && templateInstance.$('#at-field-password').val() && templateInstance.$('#at-field-password-again').val()) {
+      if (!validateEmail(templateInstance.$('#at-field-email').val())) {
+        templateInstance.$('#at-field-email').addClass('is-invalid')
+        templateInstance.$('.notification').text(t('login.invalid_email'))
+        document.querySelector('.notification').classList.toggle('d-none')
+        return
+      }
+      const passwordValidation = validatePassword(templateInstance.$('#at-field-password').val())
+      if (!passwordValidation.valid) {
+        templateInstance.$('#at-field-password').addClass('is-invalid')
+        templateInstance.$('#at-field-password-again').addClass('is-invalid')
+        templateInstance.$('.notification').text(passwordValidation.message)
+        document.querySelector('.notification').classList.toggle('d-none')
+        return
+      }
       Accounts.createUser({
         email: templateInstance.$('#at-field-email').val(),
         password: templateInstance.$('#at-field-password').val(),
@@ -32,6 +47,24 @@ Template.register.events({
       })
     }
   },
+  'keyup #at-field-password': (event, templateInstance) => {
+    event.preventDefault()
+    const validetedPW = validatePassword(templateInstance.$('#at-field-password').val())
+    templateInstance.$('.js-password-feedback').text(validetedPW.message)
+    if (validetedPW.valid) {
+      templateInstance.$('#at-field-password').removeClass('is-invalid')
+      templateInstance.$('#at-field-password-again').removeClass('is-invalid')
+      templateInstance.$('.js-password-feedback').removeClass('invalid-feedback')
+      templateInstance.$('.js-password-feedback').addClass('valid-feedback')
+      templateInstance.$('.js-password-feedback').removeClass('hide')
+    } else {
+      templateInstance.$('#at-field-password').addClass('is-invalid')
+      templateInstance.$('.js-password-feedback').removeClass('valid-feedback')
+      templateInstance.$('.js-password-feedback').addClass('invalid-feedback')
+      templateInstance.$('.js-password-feedback').removeClass('hide')
+      templateInstance.$('.js-password-feedback').addClass('d-block')
+    }
+  },
 })
 Template.register.helpers({
   email: () => FlowRouter.getQueryParam('email'),
diff --git a/imports/ui/pages/signIn.html b/imports/ui/pages/signIn.html
index 127f868d..58543e91 100644
--- a/imports/ui/pages/signIn.html
+++ b/imports/ui/pages/signIn.html
@@ -49,7 +49,7 @@ <h3>{{t "login.sign_in"}}</h3>
             <div class="at-signup-link mt-2">
               <p>
                 {{t "login.no_account"}}
-                <a href="/join" id="at-signUp" class="at-link at-signup">{{t "login.register"}}</a>
+                <a href="#" id="at-signUp" class="at-link at-signup js-register">{{t "login.register"}}</a>
               </p>
             </div>
           {{/unless}}
diff --git a/imports/ui/pages/signIn.js b/imports/ui/pages/signIn.js
index 2fc4e96e..f5b711a6 100644
--- a/imports/ui/pages/signIn.js
+++ b/imports/ui/pages/signIn.js
@@ -6,10 +6,10 @@ import './signIn.html'
 
 function handleLoginResult(error, templateInstance) {
   if (error) {
-    if(error.message) {
-      templateInstance.$('.notification').text(error.message)
-    } else {
+    if (error.error === 403 || error.error === 400) {
       templateInstance.$('.notification').text(t(`login.${error.error}`))
+    } else {
+      templateInstance.$('.notification').text(error.message)
     }
     document.querySelector('.notification').classList.remove('d-none')
   } else {
@@ -51,7 +51,7 @@ function signIn(event, templateInstance) {
 
 Template.signIn.helpers({
   isOidcConfigured: () => isOidcConfigured(),
-  disableUserRegistration: () => getGlobalSetting("disableUserRegistration")
+  disableUserRegistration: () => getGlobalSetting('disableUserRegistration'),
 })
 
 Template.signIn.events({
@@ -80,4 +80,8 @@ Template.signIn.events({
       templateInstance.$('#at-field-email').addClass('is-invalid')
     }
   },
+  'click .js-register': (event, templateInstance) => {
+    event.preventDefault()
+    FlowRouter.go('register', {}, { email: templateInstance.$('#at-field-email').val() })
+  },
 })
diff --git a/imports/ui/styles/dark.scss b/imports/ui/styles/dark.scss
index 90d800b2..eb5dc054 100644
--- a/imports/ui/styles/dark.scss
+++ b/imports/ui/styles/dark.scss
@@ -4,7 +4,7 @@ $secondary:                             #272727;       // Background-Color for a
 $success:                               #009688;       
 $info:                                  #86a8a5;
 $warning:                               #cb9800;
-$danger:                                #3b1516;
+$danger:                                #f57c80;
 $light:                                 #BDBDBD;
 $dark:                                  #212529;
 $dark-border:                           #3a3a3a;
diff --git a/imports/ui/translations/de.json b/imports/ui/translations/de.json
index c3e208f9..7d63ee45 100644
--- a/imports/ui/translations/de.json
+++ b/imports/ui/translations/de.json
@@ -171,7 +171,8 @@
     "holiday": "Feiertage",
     "holiday_country": "Land",
     "holiday_state": "Bundesland",
-    "holiday_region": "Region/Stadt"
+    "holiday_region": "Region/Stadt",
+    "xframe_options_origin": "X-Frame-Options header origin URL"
   },
   "customer": {
     "select_customer": "Kunde auswählen",
@@ -328,7 +329,12 @@
     "password_mismatch": "Die eingegebenen Passwörter stimmen nicht überein. Bitte überprüfen Sie Ihre Eingabe.",
     "permanent_account": "Permanenten Zugang erstellen",
     "anonymous_account_warning": "Sie verwenden aktuell einen temporären Account. Wenn Sie titra auf einem anderen Gerät verwenden möchten, erstellen Sie bitte einen Benutzer mit E-mail Addresse und Passwort.",
-    "registration_disabled_warning": "Die Registrierung neuer Benutzer ist auf dieser titra Instanz deaktiviert."
+    "registration_disabled_warning": "Die Registrierung neuer Benutzer ist auf dieser titra Instanz deaktiviert.",
+    "invalid_email": "Ungültige E-mail Adresse",
+    "password_insufficient": "Das gewählte Passwort ist zu schwach. Bitte wählen Sie ein Passwort mit mindestens 8 Zeichen.",
+    "password_strong": "Passwort Sicherheit: Hoch",
+    "password_medium": "Passwort Sicherheit: Mittel",
+    "password_weak": "Passwort Sicherheit: Niedrig"
   },
   "about": {
     "documentation": "Dokumentation",
diff --git a/imports/ui/translations/en.json b/imports/ui/translations/en.json
index a691f766..8ba7c88d 100644
--- a/imports/ui/translations/en.json
+++ b/imports/ui/translations/en.json
@@ -172,7 +172,8 @@
     "holiday": "Holiday",
     "holiday_country": "Holiday Country",
     "holiday_state": "Holiday State",
-    "holiday_region": "Holyday Region"
+    "holiday_region": "Holyday Region",
+    "xframe_options_origin": "X-Frame-Options header origin URL"
   },
   "customer": {
     "select_customer": "Select a customer",
@@ -322,7 +323,12 @@
     "permanent_account": "Create permanent account",
     "email_unknown": "Sorry, but we could not find an account with the provided e-mail adress.",
     "anonymous_account_warning": "You are currently logged in using a temporary account which can only be used on this device. If you want to use titra on other devices, please create a regular user with an e-mail address and password below.",
-    "registration_disabled_warning": "New user registration has been disabled on this titra instance."
+    "registration_disabled_warning": "New user registration has been disabled on this titra instance.",
+    "invalid_email": "Invalid e-mail address",
+    "password_insufficient": "The password must be at least 8 characters long.",
+    "password_strong": "Password strength: strong",
+    "password_medium": "Password strength: medium",
+    "password_weak": "Password strength: weak"
   },
   "about": {
     "documentation": "Documentation",
diff --git a/imports/utils/frontend_helpers.js b/imports/utils/frontend_helpers.js
index 0df3f871..f5cde8a1 100644
--- a/imports/utils/frontend_helpers.js
+++ b/imports/utils/frontend_helpers.js
@@ -79,7 +79,21 @@ function validateEmail(email) {
   const re = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
   return re.test(String(email).toLowerCase())
 }
-
+function validatePassword(pwd) {
+  const strongRegex = /^(?=.{14,})(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*\W).*$/g
+  const mediumRegex = /^(?=.{10,})(((?=.*[A-Z])(?=.*[a-z]))|((?=.*[A-Z])(?=.*[0-9]))|((?=.*[a-z])(?=.*[0-9]))).*$/g
+  const enoughRegex = /(?=.{8,}).*/g
+  if (pwd.length === 0) {
+    return { valid: false, message: t('login.password_insufficient') }
+  } if (enoughRegex.test(pwd) === false) {
+    return { valid: false, message: t('login.password_insufficient') }
+  } if (strongRegex.test(pwd)) {
+    return { valid: true, message: t('login.password_strong') }
+  } if (mediumRegex.test(pwd)) {
+    return { valid: true, message: t('login.password_medium') }
+  }
+  return { valid: true, message: t('login.password_weak') }
+}
 async function emojify(match) {
   const emojiImport = await import('node-emoji')
   return emojiImport.default.emojify(match, (name) => name)
@@ -128,6 +142,7 @@ export {
   timeInUserUnit,
   displayUserAvatar,
   validateEmail,
+  validatePassword,
   emojify,
   getGlobalSetting,
   numberWithUserPrecision,
diff --git a/package-lock.json b/package-lock.json
index b43d76c6..da155d52 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "titra",
-  "version": "0.76.1",
+  "version": "0.77.2",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -564,7 +564,7 @@
     "assert-plus": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
+      "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw=="
     },
     "astronomia": {
       "version": "4.1.1",
@@ -574,7 +574,7 @@
     "backoff": {
       "version": "2.5.0",
       "resolved": "https://registry.npmjs.org/backoff/-/backoff-2.5.0.tgz",
-      "integrity": "sha1-9hbtqdPktmuMp/ynn2lXIsX44m8=",
+      "integrity": "sha512-wC5ihrnUXmR2douXmXLCe5O3zg3GKIyvRi/hi58a/XyRxVI+3/yM0PYueQOZXPXQ9pxBislYkw+sF9b7C/RuMA==",
       "requires": {
         "precond": "0.2"
       }
@@ -766,9 +766,9 @@
       "integrity": "sha512-mpC1izx7lUSLYl4B88V2W57eNB4xS2ic+ahxK2AYUsaBTsCeHzT6K5ymUKzL9YPFf/GlygFqpiD4/NO1hxDsLw=="
     },
     "date-holidays": {
-      "version": "3.16.0",
-      "resolved": "https://registry.npmjs.org/date-holidays/-/date-holidays-3.16.0.tgz",
-      "integrity": "sha512-VrMmYr+o1AAGdlw9Tpy5kDhH6F9hpjsXELeOsxJcyiVfgSIdK2pGnGapnQwaesPV2jJw9AFgx99wVCjvyyJpnw==",
+      "version": "3.16.1",
+      "resolved": "https://registry.npmjs.org/date-holidays/-/date-holidays-3.16.1.tgz",
+      "integrity": "sha512-0DhPUn6QI6/EfKx+OSVkixo1Jq7PdkCaULj9rYZLjuh+MQYuxar3cMrANHGrAwilI2X4SdByyQTYhotBHgcm6A==",
       "requires": {
         "date-holidays-parser": "^3.4.1",
         "js-yaml": "^4.1.0",
@@ -1450,9 +1450,9 @@
       "integrity": "sha512-9TC3/+YVUi84yYoEbxFiSqu+1FQ5If/ydUNj6i8FRpwynd08t6a7RkS+IRJozAk6NfdL8/LVTTE1DUOjjKZZxg=="
     },
     "frappe-datatable": {
-      "version": "1.16.3",
-      "resolved": "https://registry.npmjs.org/frappe-datatable/-/frappe-datatable-1.16.3.tgz",
-      "integrity": "sha512-XjAU114pBCd78ey8MPpzVB14AgWeH2xZJ9/FWDOQLOVX1NX0lRasiBu8pp59bnGVA7y/hv7fduz7BnBgxMNBPg==",
+      "version": "1.16.5",
+      "resolved": "https://registry.npmjs.org/frappe-datatable/-/frappe-datatable-1.16.5.tgz",
+      "integrity": "sha512-vSjPSLKUEFg6l42afKNJByilWpGpipI2eBWQT7bS14I8xc5nh1DoUEHkdMd4/XyzMWozGJQY5guonJIOqWh0Gw==",
       "requires": {
         "hyperlist": "^1.0.0-beta",
         "lodash": "^4.17.5",
@@ -1889,15 +1889,15 @@
     "ldap-filter": {
       "version": "0.3.3",
       "resolved": "https://registry.npmjs.org/ldap-filter/-/ldap-filter-0.3.3.tgz",
-      "integrity": "sha1-KxTGiiqdQQTb28kQocqF/Riel5c=",
+      "integrity": "sha512-/tFkx5WIn4HuO+6w9lsfxq4FN3O+fDZeO9Mek8dCD8rTUpqzRa766BOBO7BcGkn3X86m5+cBm1/2S/Shzz7gMg==",
       "requires": {
         "assert-plus": "^1.0.0"
       }
     },
     "ldapjs": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-2.3.2.tgz",
-      "integrity": "sha512-FU+GR/qbQ96WUZ2DUb7FzaEybYvv3240wTVPcbsdELB3o4cK92zGVjntsh68siVkLeCmlCcsd/cIQzyGXSS7LA==",
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-2.3.3.tgz",
+      "integrity": "sha512-75QiiLJV/PQqtpH+HGls44dXweviFwQ6SiIK27EqzKQ5jU/7UFrl2E5nLdQ3IYRBzJ/AVFJI66u0MZ0uofKYwg==",
       "requires": {
         "abstract-logging": "^2.0.0",
         "asn1": "^0.2.4",
@@ -3074,7 +3074,7 @@
     "precond": {
       "version": "0.2.3",
       "resolved": "https://registry.npmjs.org/precond/-/precond-0.2.3.tgz",
-      "integrity": "sha1-qpWRvKokkj8eD0hJ0kD0fvwQdaw="
+      "integrity": "sha512-QCYG84SgGyGzqJ/vlMsxeXd/pgL/I94ixdNFyh1PusWmTCyVfPJjZ1K1jvHtsbfnXQs2TSkEP2fR7QiMZAnKFQ=="
     },
     "prelude-ls": {
       "version": "1.2.1",
diff --git a/package.json b/package.json
index 13620016..ea481ceb 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "titra",
-  "version": "0.77.1",
+  "version": "0.78.0",
   "private": true,
   "scripts": {
     "start": "meteor run"
@@ -18,19 +18,19 @@
     "bcrypt": "^5.0.1",
     "bootstrap": "^5.1.3",
     "content-type": "^1.0.4",
-    "date-holidays": "^3.16.0",
+    "date-holidays": "^3.16.1",
     "dayjs": "^1.11.3",
     "dayjs-precise-range": "^1.0.1",
     "docker-names": "^1.2.1",
     "file-saver": "^2.0.5",
     "frappe-charts": "1.6.2",
-    "frappe-datatable": "^1.16.3",
+    "frappe-datatable": "^1.16.5",
     "frappe-gantt": "^0.6.1",
     "hotkeys-js": "^3.9.4",
     "is-dark": "^1.0.4",
     "jquery": "3.6.0",
     "jquery-serializejson": "^3.2.1",
-    "ldapjs": "^2.3.2",
+    "ldapjs": "^2.3.3",
     "math-expression-evaluator": "^1.3.14",
     "meteor-node-stubs": "^1.2.3",
     "namedavatar": "^1.2.0",