diff --git a/src/app/api/customer/AuthController.ts b/src/app/api/customer/AuthController.ts
index 55c922a2..ab47bf6e 100644
--- a/src/app/api/customer/AuthController.ts
+++ b/src/app/api/customer/AuthController.ts
@@ -125,17 +125,23 @@ export default class AuthController extends ApiController {
 const password = req.body["password"];
 if (!email) {
- this.httpBadRequest(response, "Email is required");
+ this.httpBadRequest(response, "email is required");
 return;
 }
 if (!totpCode) {
- this.httpBadRequest(response, "Sms code is required");
+ this.httpBadRequest(response, "totpCode is required");
 return;
 }
 if (!password) {
- this.httpBadRequest(response, "Password is required");
+ this.httpBadRequest(response, "password is required");
+ return;
+ }
+
+ const passwordRegex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z\d@$!%*?&]{8,}$/);
+ if (!passwordRegex.test(password)) {
+ this.httpBadRequest(response, "Password must contain at least 8 characters, 1 uppercase, 1 lowercase and 1 number");
 return;
 }
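Review bot: The added `passwordRegex` restricts the whole password to `[A-Za-z\d@$!%*?&]`, so a password containing a space, `#`, `-`, `_` or any non-ASCII character is rejected, while the error message only mentions length, case and a digit; this narrows the usable password space and rejects passphrases and typical password-manager output. `password` is also taken from `req.body` with only a truthiness check, and `RegExp.prototype.test` coerces its argument to a string, so a JSON array (constructed example: `["Abcdefg1"]`) would match the pattern and reach the code that follows as a non-string. I would check the type and the stated rules separately, e.g. `if (typeof password !== "string" || password.length < 8 || !/[a-z]/.test(password) || !/[A-Z]/.test(password) || !/\d/.test(password)) {`, and add an upper length bound if the value is later passed to a password hash. The enclosing handler starts and ends outside this hunk, so how the password and `totpCode` are used after this check cannot be seen here.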