diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index d7b252c3f2..7e63d797fa 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -267,7 +267,7 @@ Devise.setup do |config|
 # ==> Configuration for :validatable
 # Range for password length.
- config.password_length = 8..72
+ config.password_length = 12..72
 # Email regex used to validate email formats. It simply asserts that
 # one (and only one) @ exists in the given string. This is mainly
diff --git a/spec/controllers/auth/registrations_controller_spec.rb b/spec/controllers/auth/registrations_controller_spec.rb
index b52d7c6ce4..5902a2f27c 100644
--- a/spec/controllers/auth/registrations_controller_spec.rb
+++ b/spec/controllers/auth/registrations_controller_spec.rb
@@ -5,6 +5,8 @@ require 'rails_helper'
 RSpec.describe Auth::RegistrationsController do
 render_views
+ let(:password) { Faker::Internet.password(min_length: 12) }
+
 shared_examples 'checks for enabled registrations' do |path|
 around do |example|
 registrations_mode = Setting.registrations_mode
@@ -115,7 +117,7 @@ RSpec.describe Auth::RegistrationsController do
 subject do
 Setting.registrations_mode = 'open'
 request.headers['Accept-Language'] = accept_language
- post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
+ post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: password, password_confirmation: password, agreement: 'true' } }
 end
 around do |example|
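Review bot: Nothing in this commit pins the new lower bound set by `config.password_length = 12..72` in config/initializers/devise.rb; the spec changes only lengthen fixtures so they keep passing, and a later edit back to a shorter minimum would go unnoticed. A model spec at the boundary would cover it, for example `expect(Fabricate.build(:user, password: 'a' * 11)).to_not be_valid` alongside a 12-character case that is accepted. Devise's length validation appears to run only when a password is being set, so accounts created under the old 8-character minimum presumably keep their passwords until the next change; that is worth stating in the release notes. The `Devise.setup` block starts and ends outside the hunk.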
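Review bot: The literal `12` in the added `let(:password) { Faker::Internet.password(min_length: 12) }` duplicates the bound configured in config/initializers/devise.rb, and the same literal recurs in redirects_controller_spec.rb, user_fabricator.rb, user_spec.rb and app_sign_up_service_spec.rb. Deriving it from the configuration, `Faker::Internet.password(min_length: Devise.password_length.min)`, keeps every fixture valid if the policy changes again. The password is now random per example, so a failure is reproducible only if Faker's random source is tied to the RSpec seed (for instance `Faker::Config.random = Random.new(config.seed)` in the spec helper); that setup is not visible in this diff.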
@@ -141,7 +143,7 @@ RSpec.describe Auth::RegistrationsController do
 subject do
 Setting.registrations_mode = 'open'
 request.headers['Accept-Language'] = accept_language
- post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } }
+ post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: password, password_confirmation: password, agreement: 'false' } }
 end
 around do |example|
@@ -161,7 +163,7 @@ RSpec.describe Auth::RegistrationsController do
 subject do
 Setting.registrations_mode = 'approved'
 request.headers['Accept-Language'] = accept_language
- post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
+ post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: password, password_confirmation: password, agreement: 'true' } }
 end
 around do |example|
@@ -189,7 +191,7 @@ RSpec.describe Auth::RegistrationsController do
 Setting.registrations_mode = 'approved'
 request.headers['Accept-Language'] = accept_language
 invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
- post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
+ post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: password, password_confirmation: password, invite_code: invite.code, agreement: 'true' } }
 end
 around do |example|
@@ -219,7 +221,7 @@ RSpec.describe Auth::RegistrationsController do
 Setting.require_invite_text = true
 request.headers['Accept-Language'] = accept_language
 invite = Fabricate(:invite, user: inviter, max_uses: nil, expires_at: 1.hour.from_now)
- post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
+ post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: password, password_confirmation: password, invite_code: invite.code, agreement: 'true' } }
 end
 around do |example|
diff --git a/spec/controllers/settings/migration/redirects_controller_spec.rb b/spec/controllers/settings/migration/redirects_controller_spec.rb
index aa6df64cff..5d331a871f 100644
--- a/spec/controllers/settings/migration/redirects_controller_spec.rb
+++ b/spec/controllers/settings/migration/redirects_controller_spec.rb
@@ -5,7 +5,8 @@ require 'rails_helper'
 describe Settings::Migration::RedirectsController do
 render_views
- let!(:user) { Fabricate(:user, password: 'testtest') }
+ let(:password) { Faker::Internet.password(min_length: 12) }
+ let(:user) { Fabricate(:user, password: password) }
 before do
 sign_in user, scope: :user
@@ -30,7 +31,7 @@ describe Settings::Migration::RedirectsController do
 before { stub_resolver }
 it 'redirects to the settings migration path' do
- post :create, params: { form_redirect: { acct: 'new@host.com', current_password: 'testtest' } }
+ post :create, params: { form_redirect: { acct: 'new@host.com', current_password: password } }
 expect(response).to redirect_to(settings_migration_path)
 end
diff --git a/spec/fabricators/user_fabricator.rb b/spec/fabricators/user_fabricator.rb
index 9031d5cd04..d32bd25503 100644
--- a/spec/fabricators/user_fabricator.rb
+++ b/spec/fabricators/user_fabricator.rb
@@ -3,7 +3,7 @@
 Fabricator(:user) do
 account { Fabricate.build(:account, user: nil) }
 email { sequence(:email) { |i| "#{i}#{Faker::Internet.email}" } }
- password '123456789'
+ password { Faker::Internet.password(min_length: 12) }
 confirmed_at { Time.zone.now }
 current_sign_in_at { Time.zone.now }
 agreement true
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index d3e0ac63a4..f8ee1e25e2 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -4,7 +4,7 @@ require 'rails_helper'
 require 'devise_two_factor/spec_helpers'
 RSpec.describe User do
- let(:password) { 'abcd1234' }
+ let(:password) { Faker::Internet.password(min_length: 12) }
 let(:account) { Fabricate(:account, username: 'alice') }
 it_behaves_like 'two_factor_backupable'
@@ -426,7 +426,7 @@ RSpec.describe User do
 end
 describe '#reset_password!' do
- subject(:user) { Fabricate(:user, password: 'foobar12345') }
+ subject(:user) { Fabricate(:user, password: password) }
 let!(:session_activation) { Fabricate(:session_activation, user: user) }
 let!(:access_token) { Fabricate(:access_token, resource_owner_id: user.id) }
@@ -437,7 +437,7 @@ RSpec.describe User do
 end
 it 'changes the password immediately' do
- expect(user.external_or_valid_password?('foobar12345')).to be false
+ expect(user.external_or_valid_password?(password)).to be false
 end
 it 'deactivates all sessions' do
diff --git a/spec/services/app_sign_up_service_spec.rb b/spec/services/app_sign_up_service_spec.rb
index 2532304964..dccff5d597 100644
--- a/spec/services/app_sign_up_service_spec.rb
+++ b/spec/services/app_sign_up_service_spec.rb
@@ -5,8 +5,9 @@ require 'rails_helper'
 RSpec.describe AppSignUpService, type: :service do
 subject { described_class.new }
+ let(:password) { Faker::Internet.password(min_length: 12) }
 let(:app) { Fabricate(:application, scopes: 'read write') }
- let(:good_params) { { username: 'alice', password: '12345678', email: 'good@email.com', agreement: true } }
+ let(:good_params) { { username: 'alice', password: password, email: 'good@email.com', agreement: true } }
 let(:remote_ip) { IPAddr.new('198.0.2.1') }
 describe '#call' do