diff --git a/server/lib/src/idm/credupdatesession.rs b/server/lib/src/idm/credupdatesession.rs
index 57d5532d6..d141c8d48 100644
--- a/server/lib/src/idm/credupdatesession.rs
+++ b/server/lib/src/idm/credupdatesession.rs
@@ -2002,6 +2002,7 @@ mod tests {
     use crate::idm::server::{IdmServer, IdmServerCredUpdateTransaction, IdmServerDelayed};
     use crate::idm::AuthState;
     use crate::prelude::*;
+    use crate::utils::password_from_random_len;
     use crate::value::CredentialType;
 
     const TEST_CURRENT_TIME: u64 = 6000;
@@ -2682,9 +2683,9 @@ mod tests {
 
         // Test initially creating a credential.
         //   - pw first
-
+        let pw = password_from_random_len(8);
         let err = cutxn
-            .credential_primary_set_password(&cust, ct, "password")
+            .credential_primary_set_password(&cust, ct, &pw)
             .unwrap_err();
         trace!(?err);
         assert!(match err {
@@ -2694,7 +2695,29 @@ mod tests {
             _ => false,
         });
 
+        // Test pw len of len minus 1
+        let pw = password_from_random_len(test_pw_min_length - 1);
+        let err = cutxn
+            .credential_primary_set_password(&cust, ct, &pw)
+            .unwrap_err();
+        trace!(?err);
+        assert!(match err {
+            OperationError::PasswordQuality(details)
+                if details == vec!(PasswordFeedback::TooShort(test_pw_min_length),) =>
+                true,
+            _ => false,
+        });
+
+        // Test pw len of exact len
+        let pw = password_from_random_len(test_pw_min_length);
+        let c_status = cutxn
+            .credential_primary_set_password(&cust, ct, &pw)
+            .expect("Failed to update the primary cred password");
+
+        assert!(c_status.can_commit);
+
         drop(cutxn);
+        commit_session(idms, ct, cust).await;
     }
 
     // Test set of primary account password
diff --git a/server/lib/src/utils.rs b/server/lib/src/utils.rs
index 03ea47223..af7ea445b 100644
--- a/server/lib/src/utils.rs
+++ b/server/lib/src/utils.rs
@@ -31,9 +31,15 @@ pub fn uuid_from_duration(d: Duration, sid: Sid) -> Uuid {
     uuid_from_u64_u32(d.as_secs(), d.subsec_nanos(), sid)
 }
 
+pub(crate) fn password_from_random_len(len: u32) -> String {
+    thread_rng()
+        .sample_iter(&DistinctAlpha)
+        .take(len as usize)
+        .collect::<String>()
+}
+
 pub fn password_from_random() -> String {
-    let rand_string: String = thread_rng().sample_iter(&DistinctAlpha).take(48).collect();
-    rand_string
+    password_from_random_len(48)
 }
 
 pub fn backup_code_from_random() -> HashSet<String> {