diff --git a/opentech/settings/base.py b/opentech/settings/base.py
index 7f96ff6c85a8096867434d24c9b350f848d8333a..b0f9b70a0dd7b6d8d0271179e90b7120ade3bd81 100644
--- a/opentech/settings/base.py
+++ b/opentech/settings/base.py
@@ -128,6 +128,7 @@ INSTALLED_APPS = [
     'django.contrib.staticfiles',
     'django.contrib.sitemaps',
     'django.forms',
+    'django_pwnedpasswords_validator',
 ]
 
 MIDDLEWARE = [
@@ -228,17 +229,17 @@ WAGTAILSEARCH_BACKENDS = {
 # https://docs.djangoproject.com/en/stable/ref/settings/#auth-password-validators
 
 AUTH_PASSWORD_VALIDATORS = [
-    {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
-    },
     {
         'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+        'OPTIONS': {
+            'min_length': 12,
+        }
     },
     {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
     },
     {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+        'NAME': 'django_pwnedpasswords_validator.validation.PwnedPasswordValidator',
     },
 ]
 
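Review bot: Removing `CommonPasswordValidator` and `NumericPasswordValidator` from `AUTH_PASSWORD_VALIDATORS` leaves the breached-password lookup as the only check against weak passwords, and that check presumably needs an outbound request each time a password is validated. How `PwnedPasswordValidator` behaves when the lookup times out or errors is not visible in this diff. If it fails open, a 12-character all-digit or dictionary password would be accepted during an outage. I would keep the built-in validators as an offline baseline, e.g. re-add `{'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'},` and `{'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'},` before the new entry. It is also worth confirming the new validator's timeout and failure mode, and adding a comment above the list such as `# PwnedPasswordValidator needs outbound access to the breach-lookup API; local validators remain as fallback`.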
diff --git a/requirements.txt b/requirements.txt
index 1493824a688710ae27f7c0c31c6b8fb1e175e654..a8ed572b11f734905c138101be91c76da12f82a0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -31,6 +31,7 @@ django_select2==6.0.1
 dj-database-url==0.5.0
 django-basic-auth-ip-whitelist==0.2.1
 django-heroku==0.3.1
+django-pwnedpasswords-validator==1.0.1
 django-redis==4.9.0
 django-referrer-policy==1.0
 whitenoise==4.0