diff --git a/packages/worker/src/sdk/auth/auth.ts b/packages/worker/src/sdk/auth/auth.ts
index 1f9da8a260..be5de649da 100644
--- a/packages/worker/src/sdk/auth/auth.ts
+++ b/packages/worker/src/sdk/auth/auth.ts
@@ -7,6 +7,7 @@ import {
 tenancy,
 utils as coreUtils,
 cache,
+ security,
 } from "@budibase/backend-core"
 import { PlatformLogoutOpts, User } from "@budibase/types"
 import jwt from "jsonwebtoken"
@@ -73,6 +74,11 @@ export const reset = async (email: string) => {
 * Perform the user password update if the provided reset code is valid.
 */
 export const resetUpdate = async (resetCode: string, password: string) => {
+ const validation = security.validatePassword(password)
+ if (!validation.valid) {
+ throw new HTTPError(validation.error, 400)
+ }
+
 const { userId } = await cache.passwordReset.getCode(resetCode)
 let user = await userSdk.db.getUser(userId)
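Review bot: The doc comment above `resetUpdate` still names only the reset-code condition, although the function now also rejects the request with a 400 before the code is looked up; I would add a line such as ` * Throws a 400 HTTPError when the password fails security.validatePassword; the reset code is not read in that case.` Running the check ahead of `cache.passwordReset.getCode(resetCode)` looks like the right order, since a rejected password never reaches the stored code. Whether `validation.error` is always populated when `valid` is false is not visible here; if it can be undefined, `throw new HTTPError(validation.error ?? "Invalid password", 400)` would keep the response meaningful. The body of `resetUpdate` continues past the hunk, and this diff does not show whether the other paths that set a password apply the same policy, which is worth confirming so the reset flow is not the only place it is enforced.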