diff --git a/modules/Install/Controllers/InstallController.php b/modules/Install/Controllers/InstallController.php
index c5705c9fc3ce9cc31ab7fd3155c004b40d28e996..e0d131f238b67703936a5a9959122a3ac3c815d4 100644
--- a/modules/Install/Controllers/InstallController.php
+++ b/modules/Install/Controllers/InstallController.php
@@ -292,7 +292,18 @@ class InstallController extends Controller
      */
     public function attemptCreateSuperAdmin(): RedirectResponse
     {
+        // validate user password
+        $rules = [
+            'password' => 'required|strong_password',
+        ];
+
         $userModel = new UserModel();
+        if (! $this->validate($rules)) {
+            return redirect()
+                ->back()
+                ->withInput()
+                ->with('errors', $userModel->errors());
+        }
 
         // Save the user
         $user = new User([
@@ -301,6 +312,7 @@ class InstallController extends Controller
             'password' => $this->request->getPost('password'),
             'is_owner' => true,
         ]);
+
         try {
             $userModel->save($user);
         } catch (ValidationException) {