diff --git a/src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js b/src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js
index 5de92527d3..4f95893490 100644
--- a/src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js
@@ -200,7 +200,7 @@ function authResource($q, $http, umbRequestHelper, angularHelper) {
 
       if (!newPassword) {
         return angularHelper.rejectedPromise({ errorMsg: 'newPassword cannot be empty' });
-      }
+      }
 
       return umbRequestHelper.resourcePromise(
         $http.post(
@@ -209,6 +209,23 @@ function authResource($q, $http, umbRequestHelper, angularHelper) {
             "PostSetInvitedUserPassword"),
           angular.toJson(newPassword)),
         'Failed to change password');
+    },
+
+    /**
+     * @ngdoc method
+     * @name umbraco.resources.currentUserResource#getMembershipProviderConfig
+     * @methodOf umbraco.resources.currentUserResource
+     *
+     * @description
+     * Gets the configuration of the user membership provider which is used to configure the change password form         
+     */
+    getMembershipProviderConfig: function () {
+      return umbRequestHelper.resourcePromise(
+        $http.get(
+          umbRequestHelper.getApiUrl(
+            "authenticationApiBaseUrl",
+            "GetMembershipProviderConfig")),
+        'Failed to retrieve membership provider config');
     },
 
     /**
diff --git a/src/Umbraco.Web.UI.Client/src/common/resources/currentuser.resource.js b/src/Umbraco.Web.UI.Client/src/common/resources/currentuser.resource.js
index 21f55dd6a1..fee8f34e41 100644
--- a/src/Umbraco.Web.UI.Client/src/common/resources/currentuser.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/currentuser.resource.js
@@ -29,24 +29,8 @@ function currentUserResource($q, $http, umbRequestHelper) {
             "PostChangePassword"),
           changePasswordArgs),
         'Failed to change password');
-    },    
-
-    /**
-     * @ngdoc method
-     * @name umbraco.resources.currentUserResource#getMembershipProviderConfig
-     * @methodOf umbraco.resources.currentUserResource
-     *
-     * @description
-     * Gets the configuration of the user membership provider which is used to configure the change password form         
-     */
-    getMembershipProviderConfig: function () {
-      return umbRequestHelper.resourcePromise(
-        $http.get(
-          umbRequestHelper.getApiUrl(
-            "currentUserApiBaseUrl",
-            "GetMembershipProviderConfig")),
-        'Failed to retrieve membership provider config');
-    },
+    }
+    
   };
 }
 
diff --git a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
index 229bc1047a..904ae58289 100644
--- a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
@@ -1,22 +1,43 @@
 angular.module("umbraco").controller("Umbraco.Dialogs.LoginController",
-  function ($scope, $cookies, $location, currentUserResource, formHelper, localizationService, userService, externalLoginInfo, resetPasswordCodeInfo, $timeout, authResource, dialogService) {
+  function ($scope, $cookies, $location, currentUserResource, formHelper, localizationService, userService, externalLoginInfo, resetPasswordCodeInfo, $timeout, authResource, dialogService, $q) {
 
     $scope.invitedUser = null;
     $scope.invitedUserPasswordModel = {
-      password: "",
-      confirmPassword: ""
+      password: "",
+      confirmPassword: "",
+      buttonState: "",
+      passwordPolicies: null,
+      passwordPolicyText: ""
     }
 
     function init() {
       // Check if it is a new user
       if ($location.search().invite) {
-        
-        authResource.getCurrentInvitedUser().then(function (data) {
-          $scope.invitedUser = data;
+
+        $q.all([
+          //get the current invite user
+          authResource.getCurrentInvitedUser().then(function (data) {
+              $scope.invitedUser = data;
+            },
+            function() {
+              //it failed so we should remove the search
+              $location.search('invite', null);
+            }),
+          //get the membership provider config for password policies
+          authResource.getMembershipProviderConfig().then(function (data) {
+            $scope.invitedUserPasswordModel.passwordPolicies = data;
+
+            //localize the text
+            localizationService.localize("errorHandling_errorInPasswordFormat",
+              [
+                $scope.invitedUserPasswordModel.passwordPolicies.minPasswordLength,
+                $scope.invitedUserPasswordModel.passwordPolicies.minNonAlphaNumericChars
+              ]).then(function(data) {
+                $scope.invitedUserPasswordModel.passwordPolicyText = data;
+            });
+          })
+        ]).then(function() {
           $scope.inviteSetPassword = true;
-        }, function () {
-          //it failed so we should remove the search
-          $location.search('invite', null);
         });
       }
     }
@@ -25,14 +46,14 @@
 
       if (formHelper.submitForm({ scope: $scope, statusMessage: "Saving..." })) {
 
-        $scope.inviteChangePasswordButtonState = "busy";
+        $scope.invitedUserPasswordModel.buttonState = "busy";
 
         authResource.performSetInvitedUserPassword($scope.invitedUserPasswordModel.password)
           .then(function (data) {
 
             //success
             formHelper.resetForm({ scope: $scope, notifications: data.notifications });
-            $scope.inviteChangePasswordButtonState = "success";
+            $scope.invitedUserPasswordModel.buttonState = "success";
 
             $scope.inviteSetPassword = false;
             $scope.inviteSetAvatar = true;
@@ -42,7 +63,7 @@
             //error
             formHelper.handleError(err);
             
-            $scope.inviteChangePasswordButtonState = "error";
+            $scope.invitedUserPasswordModel.buttonState = "error";
 
           });
       }      
@@ -144,6 +165,8 @@
     }
 
     $scope.loginSubmit = function (login, password) {
+
+      //TODO: Do validation properly like in the invite password update
 
       //if the login and password are not empty we need to automatically 
       // validate them - this is because if there are validation errors on the server
@@ -195,6 +218,8 @@
 
     $scope.requestPasswordResetSubmit = function (email) {
 
+      //TODO: Do validation properly like in the invite password update
+
       if (email && email.length > 0) {
         $scope.requestPasswordResetForm.email.$setValidity('auth', true);
       }
diff --git a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html
index 059366659b..0fb7af2c42 100644
--- a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html
+++ b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html
@@ -18,10 +18,11 @@
           <div class="control-group" ng-class="{error: setPasswordForm.password.$invalid}">
             <label>
               <localize key="user_newPassword">New password</localize>
-              <small style="font-size: 13px;">Lorem ipsum dolor sit amet (Some hint here about the new password)</small>
+              <small style="font-size: 13px;">{{invitedUserPasswordModel.passwordPolicyText}}</small>
             </label>
-            <input type="password" ng-model="invitedUserPasswordModel.password" name="password" class="-full-width-input" umb-auto-focus required val-server-field="value" autocomplete="off" />
-            <span class="help-inline" val-msg-for="password" val-toggle-msg="required"><localize key="general_required">Required</localize></span>
+            <input type="password" ng-model="invitedUserPasswordModel.password" name="password" class="-full-width-input" umb-auto-focus required val-server-field="value" autocomplete="off" ng-minlength="{{invitedUserPasswordModel.passwordPolicies.minPasswordLength}}" />
+            <span class="help-inline" val-msg-for="password" val-toggle-msg="required"><localize key="user_passwordIsBlank">Your new password cannot be blank!</localize></span>
+            <span class="help-inline" val-msg-for="password" val-toggle-msg="minlength">Minimum {{invitedUserPasswordModel.passwordPolicies.minPasswordLength}} characters</span>    
             <span class="help-inline" val-msg-for="password" val-toggle-msg="valServerField"></span>     
           </div>
 
@@ -29,12 +30,13 @@
             <label><localize key="user_confirmNewPassword">Confirm new password</localize></label>
             <input type="password" ng-model="invitedUserPasswordModel.confirmPassword" name="confirmPassword" class="-full-width-input" required val-compare="password" autocomplete="off"/>
             <span class="help-inline" val-msg-for="confirmPassword" val-toggle-msg="required"><localize key="general_required">Required</localize></span>
+            <span class="help-inline" val-msg-for="confirmPassword" val-toggle-msg="valCompare"><localize key="user_passwordMismatch">The confirmed password doesn't match the new password!</localize></span>
           </div>
 
           <div class="flex justify-between items-center">
             <umb-button type="submit"
                         button-style="success"
-                        state="inviteChangePasswordButtonState"
+                        state="invitedUserPasswordModel.buttonState"
                         label="Save password">
             </umb-button>
           </div>
diff --git a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/user.controller.js b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/user.controller.js
index bac8fcded7..cc7f1d158f 100644
--- a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/user.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/user.controller.js
@@ -115,7 +115,7 @@ angular.module("umbraco")
         };
 
         //go get the config for the membership provider and add it to the model
-        currentUserResource.getMembershipProviderConfig().then(function(data) {
+        authResource.getMembershipProviderConfig().then(function(data) {
            $scope.changePasswordModel.config = data;
            //ensure the hasPassword config option is set to true (the user of course has a password already assigned)
            //this will ensure the oldPassword is shown so they can change it
diff --git a/src/Umbraco.Web.UI.Client/src/views/common/overlays/user/user.controller.js b/src/Umbraco.Web.UI.Client/src/views/common/overlays/user/user.controller.js
index 2ba14f13b6..f59292dcc8 100644
--- a/src/Umbraco.Web.UI.Client/src/views/common/overlays/user/user.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/common/overlays/user/user.controller.js
@@ -121,7 +121,7 @@ angular.module("umbraco")
         };
 
         //go get the config for the membership provider and add it to the model
-        currentUserResource.getMembershipProviderConfig().then(function(data) {
+        authResource.getMembershipProviderConfig().then(function(data) {
            $scope.changePasswordModel.config = data;
            //ensure the hasPassword config option is set to true (the user of course has a password already assigned)
            //this will ensure the oldPassword is shown so they can change it
diff --git a/src/Umbraco.Web/Editors/AuthenticationController.cs b/src/Umbraco.Web/Editors/AuthenticationController.cs
index eaa26625cf..45a0325df3 100644
--- a/src/Umbraco.Web/Editors/AuthenticationController.cs
+++ b/src/Umbraco.Web/Editors/AuthenticationController.cs
@@ -50,6 +50,17 @@ namespace Umbraco.Web.Editors
             get { return _signInManager ?? (_signInManager = TryGetOwinContext().Result.GetBackOfficeSignInManager()); }
         }
 
+        /// <summary>
+        /// Returns the configuration for the backoffice user membership provider - used to configure the change password dialog
+        /// </summary>
+        /// <returns></returns>
+        [WebApi.UmbracoAuthorize(requireApproval: false)]
+        public IDictionary<string, object> GetMembershipProviderConfig()
+        {
+            var provider = Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider();
+            return provider.GetConfiguration(Services.UserService);
+        }
+
         /// <summary>
         /// Checks if a valid token is specified for an invited user and if so logs the user in and returns the user object
         /// </summary>
diff --git a/src/Umbraco.Web/Editors/BackOfficeController.cs b/src/Umbraco.Web/Editors/BackOfficeController.cs
index 23cafd7c73..b371142fcc 100644
--- a/src/Umbraco.Web/Editors/BackOfficeController.cs
+++ b/src/Umbraco.Web/Editors/BackOfficeController.cs
@@ -339,7 +339,7 @@ namespace Umbraco.Web.Editors
                             },
                             {
                                 "currentUserApiBaseUrl", Url.GetUmbracoApiServiceBaseUrl<CurrentUserController>(
-                                    controller => controller.GetMembershipProviderConfig())
+                                    controller => controller.PostChangePassword(null))
                             },
                             {
                                 "legacyApiBaseUrl", Url.GetUmbracoApiServiceBaseUrl<LegacyController>(
diff --git a/src/Umbraco.Web/Editors/CurrentUserController.cs b/src/Umbraco.Web/Editors/CurrentUserController.cs
index aacad99fb7..d7da1cd713 100644
--- a/src/Umbraco.Web/Editors/CurrentUserController.cs
+++ b/src/Umbraco.Web/Editors/CurrentUserController.cs
@@ -29,17 +29,7 @@ namespace Umbraco.Web.Editors
     [PluginController("UmbracoApi")]
     public class CurrentUserController : UmbracoAuthorizedJsonController
     {
-
-        /// <summary>
-        /// Returns the configuration for the backoffice user membership provider - used to configure the change password dialog
-        /// </summary>
-        /// <returns></returns>
-        public IDictionary<string, object> GetMembershipProviderConfig()
-        {
-            var provider = Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider();            
-            return provider.GetConfiguration(Services.UserService);
-        } 
-
+        
         /// <summary>
         /// Changes the users password
         /// </summary>
diff --git a/src/Umbraco.Web/MembershipProviderExtensions.cs b/src/Umbraco.Web/MembershipProviderExtensions.cs
index 2a32384732..0aec00eb76 100644
--- a/src/Umbraco.Web/MembershipProviderExtensions.cs
+++ b/src/Umbraco.Web/MembershipProviderExtensions.cs
@@ -28,7 +28,8 @@ namespace Umbraco.Web
                     {"enableReset", canReset},
                     {"enablePasswordRetrieval", membershipProvider.EnablePasswordRetrieval},
                     {"requiresQuestionAnswer", membershipProvider.RequiresQuestionAndAnswer},
-                    {"allowManuallyChangingPassword", baseProvider != null && baseProvider.AllowManuallyChangingPassword}
+                    {"allowManuallyChangingPassword", baseProvider != null && baseProvider.AllowManuallyChangingPassword},
+                    {"minNonAlphaNumericChars", membershipProvider.MinRequiredNonAlphanumericCharacters}
                     //TODO: Inject the other parameters in here to change the behavior of this control - based on the membership provider settings.
                 };
         }