diff --git a/README.md b/README.md
index 81d1da0..ab05554 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,12 @@ SQL Injection (Unsanitized SQL query for search)
 FLAW 4:
 > ADD EXACT SOURCE LINK
-Identification and Authentication Failure (No password strength checks)
+(Identification and Authentication Failures) As is, the application performs no checks for weak passwords.
+This makes users more vulnerable to attacks based on trying common and weak passwords, escpecially if the password database gets leaked (See also flaws 2 and 3).
+
+The fix for this issue is to perform server-side validation on new passwords, and checking that they are reasonable.
+Django includes a simple built-in validator which checks that the password has a minimum length (default 8, in this app 10), is not too similar to the username, is not a common password (20000 password list) and is not purely numeric.
+These checks are implemented in the commented out code, and would significantly improve the situation.
 FLAW 5:
 > ADD EXACT SOURCE LINK
diff --git a/notes/views.py b/notes/views.py
index e9098a9..99e537e 100644
--- a/notes/views.py
+++ b/notes/views.py
@@ -99,11 +99,13 @@ def register_view(request):
 # Password validation
 if password1 != password2:
 errors.append("Passwords don't match.")
- try:
- validate_password(password1)
- except ValidationError as error:
- for message in error.messages:
- errors.append(message)
+# FLAW 4:
+# Adding some sensible password validation would fix the problem
+# try:
+# validate_password(password1)
+# except ValidationError as error:
+# for message in error.messages:
+# errors.append(message)
 if not errors:
 user = User.objects.create_user(username=username, password=password1)
diff --git a/project/settings.py b/project/settings.py
index fe96eea..5b81bdd 100644
--- a/project/settings.py
+++ b/project/settings.py
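Review bot: The commented-out fix at `# validate_password(password1)` does not hand the prospective user to the validators, so once it is re-enabled Django's UserAttributeSimilarityValidator will be skipped (it returns immediately when no `user` is supplied) and the README's claim that the password "is not too similar to the username" will not hold. When the code is restored, call it as `validate_password(password1, user=User(username=username))` — an unsaved instance is enough for the similarity check. As a point of style, indenting the commented block to the level of the surrounding body would make restoring it a pure uncomment and keep it reading as part of the function. `register_view` begins and ends outside this hunk, so whether the `validate_password` and `ValidationError` imports are now unused cannot be seen from here.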
@@ -91,6 +91,9 @@ AUTH_PASSWORD_VALIDATORS = [
 },
 {
 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+ 'OPTIONS': {
+ 'min_length': 10,
+ }
 },
 {
 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
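Review bot: `'min_length': 10` is only enforced by code paths that call `validate_password()`, and the `notes/views.py` hunk in this same commit comments out the only such call visible here, so registration still accepts passwords of any length after this change; the option regains effect only when FLAW 4 is fixed. It is not entirely inert — Django's own management commands such as `createsuperuser` and `changepassword` do run the configured validators, as far as I recall — but the README's "in this app 10" reads as if registration were already covered. A short comment beside the option would prevent that misreading, e.g. `# Applied only where validate_password() is called; registration skips it while FLAW 4 is open.`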