diff --git a/src/routes/admin.cr b/src/routes/admin.cr index 1fbd978..c2f8fa9 100644 --- a/src/routes/admin.cr +++ b/src/routes/admin.cr @@ -32,20 +32,6 @@ class AdminRouter < Router # would not contain `admin` admin = !env.params.body["admin"]?.nil? - if username.size < 3 - raise "Username should contain at least 3 characters" - end - if (username =~ /^[A-Za-z0-9_]+$/).nil? - raise "Username should contain alphanumeric characters " \ - "and underscores only" - end - if password.size < 6 - raise "Password should contain at least 6 characters" - end - if (password =~ /^[[:ascii:]]+$/).nil? - raise "password should contain ASCII characters only" - end - @context.storage.new_user username, password, admin redirect env, "/admin/user" @@ -65,23 +51,6 @@ class AdminRouter < Router admin = !env.params.body["admin"]?.nil? original_username = env.params.url["original_username"] - if username.size < 3 - raise "Username should contain at least 3 characters" - end - if (username =~ /^[A-Za-z0-9_]+$/).nil? - raise "Username should contain alphanumeric characters " \ - "and underscores only" - end - - if password.size != 0 - if password.size < 6 - raise "Password should contain at least 6 characters" - end - if (password =~ /^[[:ascii:]]+$/).nil? - raise "password should contain ASCII characters only" - end - end - @context.storage.update_user \ original_username, username, password, admin diff --git a/src/storage.cr b/src/storage.cr index 82341a8..f577557 100644 --- a/src/storage.cr +++ b/src/storage.cr @@ -127,6 +127,8 @@ class Storage end def new_user(username, password, admin) + validate_username username + validate_password password admin = (admin ? 1 : 0) DB.open "sqlite3://#{@path}" do |db| hash = hash_password password 
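Review bot: `new_user` in src/storage.cr now raises on invalid input, but nothing at the definition says so, and the same holds for `update_user` in the next hunk. A comment above each, such as `# Raises if username or password fails validate_username / validate_password`, would tell callers other than AdminRouter that they must rescue. In `update_user`, a comment on the `unless password.empty?` line, such as `# empty password: keep the stored password, so skip the check`, would make the skipped validation explicit. Both method bodies continue outside their hunks, and the rescue path in the router is not visible here.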
@@ -137,8 +139,10 @@ class Storage def update_user(original_username, username, password, admin) admin = (admin ? 1 : 0) + validate_username username + validate_password password unless password.empty? DB.open "sqlite3://#{@path}" do |db| - if password.size == 0 + if password.empty? db.exec "update users set username = (?), admin = (?) " \ "where username = (?)", username, admin, original_username diff --git a/src/util.cr b/src/util.cr index cfdd2ea..767f79e 100644 --- a/src/util.cr +++ b/src/util.cr @@ -101,3 +101,22 @@ def redirect(env, path) base = Config.current.base_url env.redirect File.join base, path end + +def validate_username(username) + if username.size < 3 + raise "Username should contain at least 3 characters" + end + if (username =~ /^[A-Za-z0-9_]+$/).nil? + raise "Username should contain alphanumeric characters " \ + "and underscores only" + end +end + +def validate_password(password) + if password.size < 6 + raise "Password should contain at least 6 characters" + end + if (password =~ /^[[:ascii:]]+$/).nil? + raise "password should contain ASCII characters only" + end +end
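Review bot: In `validate_username` (src/util.cr) the pattern `/^[A-Za-z0-9_]+$/` accepts a username that ends in a line break, because with PCRE defaults, which Crystal's Regex follows as far as I know, `$` also matches just before a trailing newline. Anchoring on the whole string closes that gap: `if (username =~ /\A[A-Za-z0-9_]+\z/).nil?`, and `/\A[[:ascii:]]+\z/` in `validate_password` for consistency. Separately, `[[:ascii:]]` admits control characters and neither helper sets an upper length bound. Whether that matters depends on `hash_password` and on how usernames are rendered, both outside this diff.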