diff --git a/core/includes/form.inc b/core/includes/form.inc
index 15c6634..4210e13 100644
--- a/core/includes/form.inc
+++ b/core/includes/form.inc
@@ -1182,9 +1182,13 @@ function form_process_password_confirm($element) {
 function password_confirm_validate($element, &$element_state) {
   $pass1 = trim($element['pass1']['#value']);
   $pass2 = trim($element['pass2']['#value']);
-  if (!empty($pass1) || !empty($pass2)) {
-    if (strcmp($pass1, $pass2)) {
-      form_error($element, $element_state, t('The specified passwords do not match.'));
+  // Check that the main password is long enough (4).
+  if (strlen($pass1) < 4) {
+    form_error($element, t('Password must be atleast 4 characters long.'));
+    if (!empty($pass1) || !empty($pass2)) {
+      if (strcmp($pass1, $pass2)) {
+        form_error($element, $element_state, t('The specified passwords do not match.'));
+      }
     }
   }
   elseif ($element['#required'] && !empty($element_state['input'])) {
diff --git a/core/modules/user/user.js b/core/modules/user/user.js
index 1748a2c..7e1987b 100644
--- a/core/modules/user/user.js
+++ b/core/modules/user/user.js
@@ -100,9 +100,9 @@
     var username = (usernameBox.length > 0) ? usernameBox.val() : translate.username;
 
     // Lose 5 points for every character less than 6, plus a 30 point penalty.
-    if (password.length < 6) {
+    if (password.length < translate.numCharacters) {
       msg.push(translate.tooShort);
-      strength -= ((6 - password.length) * 5) + 30;
+      strength -= ((translate.numCharacters - password.length) * 5) + 30;
     }
 
     // Count weaknesses.
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 9b2194b..e4e6da3 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -26,6 +26,11 @@
 const USERNAME_MAX_LENGTH = 60;
 
 /**
+ * Minimum password length.
+ */
+const PASSWORD_MIN_LENGTH = 4;
+
+/**
  * Only administrators can create user accounts.
  */
 const USER_REGISTER_ADMINISTRATORS_ONLY = 'admin_only';
@@ -1681,6 +1686,7 @@ function user_form_process_password_confirm($element) {
 
     global $user;
     $password_settings['showStrengthIndicator'] = TRUE;
+    $password_settings['numCharacters'] = PASSWORD_MIN_LENGTH;
     $password_settings += array(
       'strengthTitle' => t('Password strength:'),
       'hasWeaknesses' => t('To make your password stronger:'),