diff --git a/composer.json b/composer.json
index a90c249b..a5b93f2e 100644
--- a/composer.json
+++ b/composer.json
@@ -23,12 +23,12 @@
         "limenius/liform-bundle": "dev-master",
         "nelmio/cors-bundle": "^2.2",
         "phpdocumentor/reflection-docblock": "^5.2",
-        "roadiz/user-bundle": "~2.0.0 || dev-develop",
-        "roadiz/rozier-bundle": "~2.0.0 || dev-develop",
         "roadiz/compat-bundle": "~2.0.0 || dev-develop",
         "roadiz/core-bundle": "~2.0.0 || dev-develop",
+        "roadiz/rozier-bundle": "~2.0.0 || dev-develop",
+        "roadiz/user-bundle": "~2.0.0 || dev-develop",
+        "rollerworks/password-common-list": "^0.2.0",
         "rollerworks/password-strength-bundle": "^2.2",
-        "rollerworks/password-strength-validator": "^1.6",
         "scienta/doctrine-json-functions": "^4.2",
         "sensio/framework-extra-bundle": "^6.1",
         "sentry/sentry-symfony": "^4.2",
diff --git a/config/api_resources/user.yaml b/config/api_resources/user.yaml
index 6b1d3d75..ffe54fea 100644
--- a/config/api_resources/user.yaml
+++ b/config/api_resources/user.yaml
@@ -9,6 +9,8 @@ RZ\Roadiz\CoreBundle\Entity\User:
             controller: RZ\Roadiz\UserBundle\Controller\SignupController
             input: RZ\Roadiz\UserBundle\Api\Dto\UserInput
             output: RZ\Roadiz\UserBundle\Api\Dto\VoidOutput
+            validation_groups:
+                - no_empty_password
             openapi_context:
                 summary: Create a new public user
                 parameters: ~
@@ -64,6 +66,8 @@ RZ\Roadiz\CoreBundle\Entity\User:
             # Password reset must not call ReadListener to let DataTransformer provide User.
             read: false
             validate: false
+            validation_groups:
+                - no_empty_password
             openapi_context:
                 summary: Reset a public user password
                 parameters: ~
diff --git a/config/bundles.php b/config/bundles.php
index 34f8b746..f413a266 100644
--- a/config/bundles.php
+++ b/config/bundles.php
@@ -25,4 +25,5 @@
     Limenius\LiformBundle\LimeniusLiformBundle::class => ['all' => true],
     Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle::class => ['all' => true],
     Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true],
+    Rollerworks\Bundle\PasswordCommonListBundle\RollerworksPasswordCommonListBundle::class => ['all' => true],
 ];
diff --git a/config/packages/rollerworks_password.yml b/config/packages/rollerworks_password.yml
deleted file mode 100644
index 64352a9e..00000000
--- a/config/packages/rollerworks_password.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-rollerworks_password_strength:
-    blacklist:
-        default_provider: rollerworks_password_strength.blacklist.provider.chain
-        providers:
-            chain:
-                lazy: true
-                providers:
-                    - RZ\Roadiz\CoreBundle\Security\Blacklist\Top500Provider