diff --git a/contentcuration/contentcuration/forms.py b/contentcuration/contentcuration/forms.py
index d9dc781f61..8e9320d85f 100644
--- a/contentcuration/contentcuration/forms.py
+++ b/contentcuration/contentcuration/forms.py
@@ -1,5 +1,4 @@
 import json
-from builtins import object
 
 from django import forms
 from django.conf import settings
@@ -7,6 +6,7 @@
 from django.contrib.auth.forms import UserChangeForm
 from django.contrib.auth.forms import UserCreationForm
 from django.core import signing
+from django.core.exceptions import ValidationError
 from django.db.models import Q
 from django.template.loader import render_to_string
 
@@ -16,23 +16,16 @@
 REGISTRATION_SALT = getattr(settings, 'REGISTRATION_SALT', 'registration')
 
 
-class ExtraFormMixin(object):
-
-    def check_field(self, field, error):
-        if not self.cleaned_data.get(field):
-            self.errors[field] = self.error_class()
-            self.add_error(field, error)
-            return False
-        return self.cleaned_data.get(field)
-
-
 # LOGIN/REGISTRATION FORMS
 #################################################################
-class RegistrationForm(UserCreationForm, ExtraFormMixin):
+class RegistrationForm(UserCreationForm):
+    CODE_ACCOUNT_ACTIVE = 'account_active'
+    CODE_ACCOUNT_INACTIVE = 'account_inactive'
+
     first_name = forms.CharField(required=True)
     last_name = forms.CharField(required=True)
-    email = forms.CharField(required=True)
-    password1 = forms.CharField(required=True)
+    email = forms.EmailField(required=True)
+    password1 = forms.CharField(required=True, min_length=8)
     password2 = forms.CharField(required=True)
     uses = forms.CharField(required=True)
     other_use = forms.CharField(required=False)
@@ -45,22 +38,18 @@ class RegistrationForm(UserCreationForm, ExtraFormMixin):
     locations = forms.CharField(required=True)
 
     def clean_email(self):
-        email = self.cleaned_data['email'].strip().lower()
-        if User.objects.filter(Q(is_active=True) | Q(deleted=True), email__iexact=email).exists():
-            raise UserWarning
+        # ensure email is lower case
+        email = self.cleaned_data["email"].strip().lower()
+        user_qs = User.objects.filter(email__iexact=email)
+        if user_qs.exists():
+            if user_qs.filter(Q(is_active=True) | Q(deleted=True)).exists():
+                raise ValidationError("Account already active", code=self.CODE_ACCOUNT_ACTIVE)
+            else:
+                raise ValidationError("Already registered.", code=self.CODE_ACCOUNT_INACTIVE)
         return email
 
-    def clean(self):
-        super(RegistrationForm, self).clean()
-
-        # Errors should be caught on the frontend
-        # or a warning should be thrown if the account exists
-        self.errors.clear()
-        return self.cleaned_data
-
     def save(self, commit=True):
-        user = super(RegistrationForm, self).save(commit=commit)
-        user.set_password(self.cleaned_data["password1"])
+        user = super(RegistrationForm, self).save(commit=False)
         user.first_name = self.cleaned_data["first_name"]
         user.last_name = self.cleaned_data["last_name"]
         user.information = {
@@ -165,7 +154,7 @@ def save(self, user):
         return user
 
 
-class StorageRequestForm(forms.Form, ExtraFormMixin):
+class StorageRequestForm(forms.Form):
     # Nature of content
     storage = forms.CharField(required=True)
     kind = forms.CharField(required=True)
@@ -194,7 +183,7 @@ class Meta:
                   "audience", "import_count", "location", "uploading_for", "organization_type", "time_constraint", "message")
 
 
-class IssueReportForm(forms.Form, ExtraFormMixin):
+class IssueReportForm(forms.Form):
     operating_system = forms.CharField(required=True)
     browser = forms.CharField(required=True)
     channel = forms.CharField(required=False)
@@ -204,7 +193,7 @@ class Meta:
         fields = ("operating_system", "browser", "channel", "description")
 
 
-class DeleteAccountForm(forms.Form, ExtraFormMixin):
+class DeleteAccountForm(forms.Form):
     email = forms.CharField(required=True)
 
     def __init__(self, user, *args, **kwargs):
@@ -214,5 +203,5 @@ def __init__(self, user, *args, **kwargs):
     def clean_email(self):
         email = self.cleaned_data['email'].strip().lower()
         if self.user.is_admin or self.user.email.lower() != self.cleaned_data['email']:
-            raise UserWarning
+            raise ValidationError("Not allowed")
         return email
diff --git a/contentcuration/contentcuration/frontend/accounts/pages/Create.vue b/contentcuration/contentcuration/frontend/accounts/pages/Create.vue
index ba9f8bf338..6e6562ad5b 100644
--- a/contentcuration/contentcuration/frontend/accounts/pages/Create.vue
+++ b/contentcuration/contentcuration/frontend/accounts/pages/Create.vue
@@ -31,31 +31,40 @@
           v-model="form.first_name"
           maxlength="100"
           counter
-          :label="$tr('firstNameLabel')"
           autofocus
+          :label="$tr('firstNameLabel')"
+          :error-messages="errors.first_name"
+          @input="resetErrors('first_name')"
         />
         <TextField
           v-model="form.last_name"
           maxlength="100"
           counter
           :label="$tr('lastNameLabel')"
+          :error-messages="errors.last_name"
+          @input="resetErrors('last_name')"
         />
         <EmailField
           v-model="form.email"
           maxlength="100"
           counter
           :disabled="Boolean($route.query.email)"
-          :error-messages="emailErrors"
-          @input="emailErrors = []"
+          :error-messages="errors.email"
+          @input="resetErrors('email')"
         />
         <PasswordField
           v-model="form.password1"
+          :additionalRules="passwordValidationRules"
           :label="$tr('passwordLabel')"
+          :error-messages="errors.password1"
+          @input="resetErrors('password1')"
         />
         <PasswordField
           v-model="form.password2"
           :additionalRules="passwordConfirmRules"
           :label="$tr('confirmPasswordLabel')"
+          :error-messages="errors.password2"
+          @input="resetErrors('password2')"
         />
 
         <!-- Usage -->
@@ -200,6 +209,7 @@
   import Checkbox from 'shared/views/form/Checkbox';
   import { policies } from 'shared/constants';
   import DropdownWrapper from 'shared/views/form/DropdownWrapper';
+  import commonStrings from 'shared/translator';
 
   export default {
     name: 'Create',
@@ -219,7 +229,6 @@
       return {
         valid: true,
         registrationFailed: false,
-        emailErrors: [],
         form: {
           first_name: '',
           last_name: '',
@@ -237,6 +246,13 @@
           accepted_policy: false,
           accepted_tos: false,
         },
+        errors: {
+          first_name: [],
+          last_name: [],
+          email: [],
+          password1: [],
+          password2: [],
+        },
       };
     },
     computed: {
@@ -247,6 +263,9 @@
       passwordConfirmRules() {
         return [value => (this.form.password1 === value ? true : this.$tr('passwordMatchMessage'))];
       },
+      passwordValidationRules() {
+        return [value => (value.length >= 8 ? true : this.$tr('passwordValidationMessage'))];
+      },
       acceptedAgreement: {
         get() {
           return this.form.accepted_tos && this.form.accepted_policy;
@@ -294,10 +313,12 @@
         ];
       },
       usageRules() {
-        return [() => (this.form.uses.length ? true : this.$tr('fieldRequiredMessage'))];
+        /* eslint-disable-next-line kolibri/vue-no-undefined-string-uses */
+        return [() => (this.form.uses.length ? true : commonStrings.$tr('fieldRequired'))];
       },
       locationRules() {
-        return [() => (this.form.locations.length ? true : this.$tr('fieldRequiredMessage'))];
+        /* eslint-disable-next-line kolibri/vue-no-undefined-string-uses */
+        return [() => (this.form.locations.length ? true : commonStrings.$tr('fieldRequired'))];
       },
       sources() {
         return sources;
@@ -359,7 +380,8 @@
         ];
       },
       sourceRules() {
-        return [() => (this.form.source.length ? true : this.$tr('fieldRequiredMessage'))];
+        /* eslint-disable-next-line kolibri/vue-no-undefined-string-uses */
+        return [() => (this.form.source.length ? true : commonStrings.$tr('fieldRequired'))];
       },
       clean() {
         return data => {
@@ -438,8 +460,27 @@
             .catch(error => {
               if (error.message === 'Network Error') {
                 this.$refs.top.scrollIntoView({ behavior: 'smooth' });
+              } else if (error.response.status === 400) {
+                for (const field of error.response.data) {
+                  if (!Object.prototype.hasOwnProperty.call(this.errors, field)) {
+                    continue;
+                  }
+                  let message = '';
+                  switch (field) {
+                    case 'password1':
+                      message = this.$tr('passwordValidationMessage');
+                      break;
+                    default:
+                      /* eslint-disable-next-line kolibri/vue-no-undefined-string-uses */
+                      message = commonStrings.$tr('fieldHasError');
+                      break;
+                  }
+                  this.errors[field] = [message];
+                }
+                this.registrationFailed = true;
+                this.valid = false;
               } else if (error.response.status === 403) {
-                this.emailErrors = [this.$tr('emailExistsMessage')];
+                this.errors.email = [this.$tr('emailExistsMessage')];
               } else if (error.response.status === 405) {
                 this.$router.push({ name: 'AccountNotActivated' });
               } else {
@@ -452,12 +493,14 @@
         }
         return Promise.resolve();
       },
+      resetErrors(field) {
+        this.errors[field] = [];
+      },
     },
 
     $trs: {
       backToLoginButton: 'Sign in',
       createAnAccountTitle: 'Create an account',
-      fieldRequiredMessage: 'Field is required',
       errorsMessage: 'Please fix the errors below',
       registrationFailed: 'There was an error registering your account. Please try again',
       registrationFailedOffline:
@@ -470,6 +513,7 @@
       passwordLabel: 'Password',
       confirmPasswordLabel: 'Confirm password',
       passwordMatchMessage: "Passwords don't match",
+      passwordValidationMessage: 'Password should be at least 8 characters long',
 
       // Usage question
       usageLabel: 'How do you plan on using Kolibri Studio (check all that apply)',
diff --git a/contentcuration/contentcuration/frontend/accounts/pages/__tests__/create.spec.js b/contentcuration/contentcuration/frontend/accounts/pages/__tests__/create.spec.js
index f2a201b560..143520329b 100644
--- a/contentcuration/contentcuration/frontend/accounts/pages/__tests__/create.spec.js
+++ b/contentcuration/contentcuration/frontend/accounts/pages/__tests__/create.spec.js
@@ -17,8 +17,8 @@ const defaultData = {
   first_name: 'Test',
   last_name: 'User',
   email: 'test@test.com',
-  password1: 'pass',
-  password2: 'pass',
+  password1: 'tester123',
+  password2: 'tester123',
   uses: ['tagging'],
   storage: '',
   other_use: '',
@@ -126,6 +126,11 @@ describe('create', () => {
         expect(register).not.toHaveBeenCalled();
       });
     });
+    it('should fail if password1 is too short', () => {
+      const wrapper = makeWrapper({ password1: '123' });
+      wrapper.vm.submit();
+      expect(register).not.toHaveBeenCalled();
+    });
     it('should fail if password1 and password2 do not match', () => {
       const wrapper = makeWrapper({ password1: 'some other password' });
       wrapper.vm.submit();
@@ -155,7 +160,7 @@ describe('create', () => {
     it('should say account with email already exists if register returns a 403', async () => {
       wrapper.setMethods({ register: makeFailedPromise(403) });
       await wrapper.vm.submit();
-      expect(wrapper.vm.emailErrors).toHaveLength(1);
+      expect(wrapper.vm.errors.email).toHaveLength(1);
     });
     it('should say account has not been activated if register returns 405', async () => {
       wrapper.setMethods({ register: makeFailedPromise(405) });
diff --git a/contentcuration/contentcuration/frontend/shared/translator.js b/contentcuration/contentcuration/frontend/shared/translator.js
index b52eecaf59..7aac180a36 100644
--- a/contentcuration/contentcuration/frontend/shared/translator.js
+++ b/contentcuration/contentcuration/frontend/shared/translator.js
@@ -2,6 +2,7 @@ import { createTranslator } from 'shared/i18n';
 
 const MESSAGES = {
   fieldRequired: 'This field is required',
+  fieldHasError: 'This field has an error',
   titleRequired: 'Title is required',
   licenseRequired: 'License is required',
   copyrightHolderRequired: 'Copyright holder is required',
diff --git a/contentcuration/contentcuration/frontend/shared/views/form/EmailField.vue b/contentcuration/contentcuration/frontend/shared/views/form/EmailField.vue
index fe0e641c42..ad28d0b91e 100644
--- a/contentcuration/contentcuration/frontend/shared/views/form/EmailField.vue
+++ b/contentcuration/contentcuration/frontend/shared/views/form/EmailField.vue
@@ -17,6 +17,8 @@
 
 <script>
 
+  import commonStrings from 'shared/translator';
+
   export default {
     name: 'EmailField',
     props: {
@@ -46,7 +48,8 @@
       emailRules() {
         // TODO: fix checking if email exists
         return [
-          v => (!this.required || v.trim() ? true : this.$tr('emailRequiredMessage')),
+          /* eslint-disable-next-line kolibri/vue-no-undefined-string-uses */
+          v => (!this.required || v.trim() ? true : commonStrings.$tr('fieldRequired')),
           v => /.+@.+\..+/.test(v) || this.$tr('validEmailMessage'),
         ];
       },
@@ -54,7 +57,6 @@
     $trs: {
       emailLabel: 'Email',
       validEmailMessage: 'Please enter a valid email',
-      emailRequiredMessage: 'Field is required',
     },
   };
 
diff --git a/contentcuration/contentcuration/frontend/shared/views/form/PasswordField.vue b/contentcuration/contentcuration/frontend/shared/views/form/PasswordField.vue
index 69e1e44e14..e82df91b74 100644
--- a/contentcuration/contentcuration/frontend/shared/views/form/PasswordField.vue
+++ b/contentcuration/contentcuration/frontend/shared/views/form/PasswordField.vue
@@ -7,6 +7,7 @@
     :rules="rules"
     :label="label || $tr('passwordLabel')"
     :validate-on-blur="!validate"
+    :error-messages="errorMessages"
     type="password"
     @keyup.enter="validate = true"
     @keydown="validate = false"
@@ -17,6 +18,8 @@
 
 <script>
 
+  import commonStrings from 'shared/translator';
+
   export default {
     name: 'PasswordField',
     props: {
@@ -40,6 +43,12 @@
         type: Boolean,
         default: true,
       },
+      errorMessages: {
+        type: Array,
+        default() {
+          return [];
+        },
+      },
     },
     data() {
       return {
@@ -56,14 +65,14 @@
         },
       },
       rules() {
-        return [v => (!this.required || v ? true : this.$tr('fieldRequiredMessage'))].concat(
+        /* eslint-disable-next-line kolibri/vue-no-undefined-string-uses */
+        return [v => (!this.required || v ? true : commonStrings.$tr('fieldRequired'))].concat(
           this.additionalRules
         );
       },
     },
     $trs: {
       passwordLabel: 'Password',
-      fieldRequiredMessage: 'Field is required',
     },
   };
 
diff --git a/contentcuration/contentcuration/tests/test_settings.py b/contentcuration/contentcuration/tests/test_settings.py
index 25bbc71a54..48b1b39db6 100644
--- a/contentcuration/contentcuration/tests/test_settings.py
+++ b/contentcuration/contentcuration/tests/test_settings.py
@@ -37,7 +37,7 @@ def test_delete_account_invalid(self):
         try:
             DeleteAccountView.as_view()(request)
             self.assertTrue(False)
-        except UserWarning:
+        except Exception:
             self.assertTrue(User.objects.filter(email=self.user.email).exists())
 
     def test_delete_account(self):
diff --git a/contentcuration/contentcuration/tests/views/test_users.py b/contentcuration/contentcuration/tests/views/test_users.py
index e79e0cdbf9..5247bf46b7 100644
--- a/contentcuration/contentcuration/tests/views/test_users.py
+++ b/contentcuration/contentcuration/tests/views/test_users.py
@@ -2,14 +2,17 @@
 
 from django.http.response import HttpResponseBadRequest
 from django.http.response import HttpResponseForbidden
+from django.http.response import HttpResponseNotAllowed
 from django.http.response import HttpResponseRedirectBase
+from django.urls import reverse_lazy
 from mock import mock
 
+from contentcuration.models import User
 from contentcuration.tests import testdata
+from contentcuration.tests.base import BaseAPITestCase
 from contentcuration.tests.base import StudioAPITestCase
 from contentcuration.views.users import login
 from contentcuration.views.users import UserActivationView
-from contentcuration.views.users import UserRegistrationView
 
 
 class LoginTestCase(StudioAPITestCase):
@@ -107,32 +110,46 @@ def test_after_delete__no_login(self):
             djangologin.assert_not_called()
 
 
-class UserRegistrationViewTestCase(StudioAPITestCase):
+class UserRegistrationViewTestCase(BaseAPITestCase):
     def setUp(self):
         super(UserRegistrationViewTestCase, self).setUp()
-        self.view = UserRegistrationView()
-        self.request = mock.Mock()
-        self.request.body = json.dumps(dict(
+        User.objects.filter(email="tester@tester.com").delete()
+        self.view = reverse_lazy("register")
+        self.request_data = dict(
             first_name="Tester",
             last_name="Tester",
             email="tester@tester.com",
-            pasword1="tester",
-            pasword2="tester",
+            pasword1="tester123",
+            pasword2="tester123",
             uses="IDK",
             source="IDK",
             policies=json.dumps(dict(policy_etc=True)),
             locations="IDK",
-        ))
+        )
 
     def test_post__no_duplicate_registration(self):
         testdata.user(email="tester@tester.com")
-        response = self.view.post(self.request)
+        response = self.post(self.view, self.request_data)
         self.assertIsInstance(response, HttpResponseForbidden)
 
-    def test_after_delete__no_registration(self):
+    def test_post__inactive_registration(self):
+        user = testdata.user(email="tester@tester.com")
+        user.is_active = False
+        user.save()
+        response = self.post(self.view, self.request_data)
+        self.assertIsInstance(response, HttpResponseNotAllowed)
+
+    def test_post__password_too_short(self):
+        self.request_data["pasword1"] = "123"
+        self.request_data["pasword2"] = "123"
+        response = self.post(self.view, self.request_data)
+        self.assertIsInstance(response, HttpResponseBadRequest)
+        self.assertIn("password1", response.content.decode())
+
+    def test_post__after_delete(self):
         user = testdata.user(email="tester@tester.com")
         user.delete()
-        response = self.view.post(self.request)
+        response = self.post(self.view, self.request_data)
         self.assertIsInstance(response, HttpResponseForbidden)
 
 
diff --git a/contentcuration/contentcuration/views/users.py b/contentcuration/contentcuration/views/users.py
index 71328971a6..ecf5d85ac3 100644
--- a/contentcuration/contentcuration/views/users.py
+++ b/contentcuration/contentcuration/views/users.py
@@ -14,6 +14,7 @@
 from django.http import HttpResponse
 from django.http import HttpResponseBadRequest
 from django.http import HttpResponseForbidden
+from django.http import HttpResponseNotAllowed
 from django.shortcuts import redirect
 from django.template.loader import render_to_string
 from django.urls import reverse_lazy
@@ -112,6 +113,7 @@ def deferred_user_space_by_kind(request):
         }
     )
 
+
 @api_view(["GET"])
 @authentication_classes((SessionAuthentication,))
 @permission_classes((IsAuthenticated,))
@@ -160,36 +162,26 @@ class UserRegistrationView(RegistrationView):
     template_name = "registration/registration_information_form.html"
     http_method_names = ["post"]
 
-    def post(self, request):
-        data = json.loads(request.body)
-        form = self.form_class(data)
-        try:
-            # Registration is valid or user hasn't set account up (invitation workflow)
-            if form.is_valid():
-                self.register(form)
-                return HttpResponse()
-
-            # Legacy handle invitations where users haven't activated their accounts
-            inactive_user = User.get_for_email(data['email'], is_active=False, password='')
-            if inactive_user:
-                form.errors.clear()
-                user = form.save(commit=False)
-                inactive_user.set_password(form.cleaned_data["password1"])
-                inactive_user.first_name = user.first_name
-                inactive_user.last_name = user.last_name
-                inactive_user.information = user.information
-                inactive_user.policies = user.policies
-                inactive_user.save()
-                self.send_activation_email(inactive_user)
-                return HttpResponse()
-
-            if form._errors["email"]:
-                return HttpResponseBadRequest(
-                    status=405, reason="Account hasn't been activated"
-                )
-            return HttpResponseBadRequest()
-        except UserWarning:
-            return HttpResponseForbidden()
+    def get_form_kwargs(self):
+        kwargs = super(UserRegistrationView, self).get_form_kwargs()
+        # override the form data with the json data
+        kwargs["data"] = json.loads(self.request.body)
+        return kwargs
+
+    def form_valid(self, form):
+        self.register(form)
+        return HttpResponse()
+
+    def form_invalid(self, form):
+        # frontend handles the error messages
+        error_response = json.dumps(list(form.errors.keys()))
+
+        if form.has_error("email", code=form.CODE_ACCOUNT_ACTIVE):
+            return HttpResponseForbidden(error_response)
+        elif form.has_error("email", code=form.CODE_ACCOUNT_INACTIVE):
+            return HttpResponseNotAllowed(error_response)
+
+        return HttpResponseBadRequest(error_response)
 
     def send_activation_email(self, user):
         activation_key = self.get_activation_key(user)