diff --git a/src/grung/objects.py b/src/grung/objects.py index 12cbb98..bc254b2 100644 --- a/src/grung/objects.py +++ b/src/grung/objects.py @@ -15,7 +15,7 @@ from tinydb import TinyDB, where import grung.types from grung.exceptions import PointerReferenceError -from grung.validators import PointerReferenceValidator, UniqueValidator +from grung.validators import LengthValidator, PatternValidator, PointerReferenceValidator, UniqueValidator Metadata = namedtuple("Metadata", ["table", "fields", "backrefs", "primary_key"]) @@ -222,6 +222,11 @@ class Password(Field): salt_size = 4 digest_size = 16 + input_validators = [ + PatternValidator(re.compile(r"(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[-+_!@#$%^&*.,?<>()])")), + LengthValidator(min=8, max=64), + ] + @classmethod def is_digest(cls, passwd: str): if not passwd: @@ -252,6 +257,8 @@ class Password(Field): def before_insert(self, value: value_type, db: TinyDB, record: Record) -> None: if value and not self.__class__.is_digest(value): + for validator in self.input_validators: + validator.validate(record, self, db) digest, salt = self.__class__.get_digest(value) record[self.name] = f"{salt}:{digest}" diff --git a/test/test_db.py b/test/test_db.py index 03310f9..9a1899a 100644 --- a/test/test_db.py +++ b/test/test_db.py 
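Review bot: The `PatternValidator` pattern in `input_validators` hard-codes ASCII-only composition rules and nothing documents the policy: `[a-z]`, `[A-Z]` and the fixed symbol set `[-+_!@#$%^&*.,?<>()]` reject a long passphrase that uses other punctuation (space, `=`, `~`, `/`) or non-ASCII letters, however long it is. NIST SP 800-63B advises against composition rules in favour of length plus a check against known-compromised passwords, so if the rule stays it should at least be stated above the list, e.g. `# Policy: 8-64 chars; at least one digit, one ASCII lowercase, one ASCII uppercase, one of -+_!@#$%^&*.,?<>()`. The pattern consists only of lookaheads, so it can succeed only if `PatternValidator` applies it with `match` or `search` rather than `fullmatch`; that implementation is outside this diff. `re.compile` is used here, but no `import re` appears in the import hunk, so confirm that objects.py already imports it.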
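Review bot: The new loop in `before_insert` runs only under `if value and not self.__class__.is_digest(value)`, so an empty password and any caller-supplied string that `is_digest` accepts skip both the pattern and the length check. The digest-shaped value is also stored without hashing, which predates this commit. The body of `is_digest` is outside the hunk; if it is only a format test, untrusted input in `salt:digest` form never reaches the policy. A comment above the branch would record this, e.g. `# NOTE: empty values and values accepted by is_digest() bypass input_validators; never pass untrusted input that is already in salt:digest form`. It is also worth confirming that the exceptions raised by these validators do not echo the rejected value, since here that value is a plaintext password.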
@@ -131,22 +131,22 @@ def test_search(db): def test_password(db): - user = db.save(examples.User(name="john", email="john@foo", password="fnord")) + user = db.save(examples.User(name="john", email="john@foo", password="Fnord!@#%5")) # make sure we don't compute the digest on an existing digest user = db.save(user) assert ":" in user.password - assert user.password != "fnord" + assert user.password != "Fnord!@#%5" check = user._metadata.fields["password"].compare - assert check("fnord", user.password) + assert check("Fnord!@#%5", user.password) assert not check("wrong password", user.password) assert not check("", user.password) def test_datetime(db): - user = db.save(examples.User(name="john", email="john@foo", password="fnord", created=datetime.utcnow())) + user = db.save(examples.User(name="john", email="john@foo", password="Fnord!@#%5", created=datetime.utcnow())) assert user.created > datetime.utcfromtimestamp(0) assert user.created < datetime.utcnow() assert user.last_updated == user.created @@ -230,7 +230,7 @@ def test_file_pointers(db): ], ) def test_validators(updates, expected, db): - user = db.save(examples.User(name="john", email="john@foo", password="fnord", created=datetime.utcnow())) + user = db.save(examples.User(name="john", email="john@foo", password="Fnord!@#%5", created=datetime.utcnow())) with pytest.raises(expected): user.update(**updates) db.save(user)
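Review bot: No test visible in this diff asserts that a non-compliant password is rejected; in `test_password`, `test_datetime` and the `test_validators` hunk the fixture is only changed to `Fnord!@#%5` so that the existing saves keep passing. A negative case would pin the policy, e.g. `with pytest.raises(EXPECTED_ERROR): db.save(examples.User(name="jane", email="jane@foo", password="fnord"))`, where `EXPECTED_ERROR` is a placeholder for whatever the validators raise, which is not shown here. Cases for an empty password and for a 65-character one would cover the `if value and ...` branch and the `max=64` bound. The `test_validators` parametrize list starts outside its hunk, so it may be the natural place for these.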