diff --git a/app/Http/Requests/UserRequest.php b/app/Http/Requests/UserRequest.php
index e40f532d1e5856b61515b4d4659ca30d223e749e..699db5323ec97f647fedfd03646329877196653b 100644
--- a/app/Http/Requests/UserRequest.php
+++ b/app/Http/Requests/UserRequest.php
@@ -30,7 +30,7 @@ public function rules()
             'lastname' => 'string|nullable',
             'email' => 'nullable|email',
             'organization_id' => 'int|nullable',
-            'password' => 'string|nullable|min:9',
+            'password' => 'string|nullable|min:9|regex:/[0-9]/',
             'role' => 'int',
             'last_login' => 'string|nullable',
             'civility' => 'string|required',
diff --git a/tests/Feature/UsersControllerTest.php b/tests/Feature/UsersControllerTest.php
index c32248c252be5905595e467b1dd24676dec6b0a4..1a03b18d748b6c0ffeb58d494e5029062a0c213a 100644
--- a/tests/Feature/UsersControllerTest.php
+++ b/tests/Feature/UsersControllerTest.php
@@ -248,7 +248,7 @@ public function testAdminCanCreateUser()
             'firstname' => 'FIRSTNAME',
             'lastname' => 'LASTNAME',
             'email' => 'test@datakode.fr',
-            'password' => 'secret',
+            'password' => '1strongpassword',
             'role' => User::ROLE_USER,
             'organization_id' => 1,
             'civility' => 'Madame',
@@ -278,6 +278,51 @@ public function testAdminCanCreateUser()
         $this->assertEquals(1, $newUser->organization_id);
     }
 
+
+    /**
+     * Test user create.
+     */
+    public function testShortPasswordFails()
+    {
+        $user = User::where('role', User::ROLE_ADMIN)->with('organization')->first();
+
+        $response = $this->actingAs($user)->postJson(route('api.users.post'), [
+            'firstname' => 'FIRSTNAME',
+            'lastname' => 'LASTNAME',
+            'email' => 'test@datakode.fr',
+            'password' => 'test',
+            'role' => User::ROLE_USER,
+            'organization_id' => 1,
+            'civility' => 'Madame',
+        ]);
+
+        $response->assertStatus(422);
+
+        $response->assertJson(['message' => 'Le texte password doit contenir au moins 9 caractères.']);
+    }
+
+    /**
+     * Test user create.
+     */
+    public function testNoNumberPasswordFails()
+    {
+        $user = User::where('role', User::ROLE_ADMIN)->with('organization')->first();
+
+        $response = $this->actingAs($user)->postJson(route('api.users.post'), [
+            'firstname' => 'FIRSTNAME',
+            'lastname' => 'LASTNAME',
+            'email' => 'test@datakode.fr',
+            'password' => 'testtesttest',
+            'role' => User::ROLE_USER,
+            'organization_id' => 1,
+            'civility' => 'Madame',
+        ]);
+
+        $response->assertStatus(422);
+
+        $response->assertJson(['message' => 'Le format du champ password est invalide.']);
+    }
+
     /**
      * Test user create.
      */
@@ -289,7 +334,7 @@ public function testUserCannotCreateUser()
             'firstname' => 'FIRSTNAME',
             'lastname' => 'LASTNAME',
             'email' => 'test@datakode.fr',
-            'password' => 'secret',
+            'password' => '1strongpassword',
             'role' => User::ROLE_USER,
             'civility' => 'Madame',
         ]);