diff --git a/frontend/src/pages/GeneralSettings/Security/index.jsx b/frontend/src/pages/GeneralSettings/Security/index.jsx
index 7d60aadadaf897674b792322f56d3205b132147b..94655fea6269212d4861a4b5f00727446a03df56 100644
--- a/frontend/src/pages/GeneralSettings/Security/index.jsx
+++ b/frontend/src/pages/GeneralSettings/Security/index.jsx
@@ -190,6 +190,7 @@ function MultiUserMode() {
   );
 }
 
+const PW_REGEX = new RegExp(/^[a-zA-Z0-9_\-!@$%^&*();]+$/);
 function PasswordProtection() {
   const [saving, setSaving] = useState(false);
   const [hasChanges, setHasChanges] = useState(false);
@@ -200,10 +201,19 @@ function PasswordProtection() {
   const handleSubmit = async (e) => {
     e.preventDefault();
     if (multiUserModeEnabled) return false;
+    const form = new FormData(e.target);
+
+    if (!PW_REGEX.test(form.get("password"))) {
+      showToast(
+        `Your password has restricted characters in it. Allowed symbols are _,-,!,@,$,%,^,&,*,(,),;`,
+        "error"
+      );
+      setSaving(false);
+      return;
+    }
 
     setSaving(true);
     setHasChanges(false);
-    const form = new FormData(e.target);
     const data = {
       usePassword,
       newPassword: form.get("password"),
@@ -323,9 +333,9 @@ function PasswordProtection() {
             </div>
             <div className="flex items-center justify-between space-x-14">
               <p className="text-white/80 text-xs rounded-lg w-96">
-                By default, you will be the only admin. As an admin you will
-                need to create accounts for all new users or admins. Do not lose
-                your password as only an Admin user can reset passwords.
+                By default, anyone with this password can log into the instance.
+                Do not lose this password as only the instance maintainer is
+                able to retrieve or reset the password once set.
               </p>
             </div>
           </div>
diff --git a/server/utils/helpers/updateENV.js b/server/utils/helpers/updateENV.js
index 39223c3343e6c10add34224d06cf679fd9090863..e2f5c7526e9ae0562d011f7e47f4a7aeab7e5cbb 100644
--- a/server/utils/helpers/updateENV.js
+++ b/server/utils/helpers/updateENV.js
@@ -338,7 +338,7 @@ const KEY_MAPPING = {
   // System Settings
   AuthToken: {
     envKey: "AUTH_TOKEN",
-    checks: [requiresForceMode],
+    checks: [requiresForceMode, noRestrictedChars],
   },
   JWTSecret: {
     envKey: "JWT_SECRET",
@@ -574,6 +574,13 @@ function validHuggingFaceEndpoint(input = "") {
     : null;
 }
 
+function noRestrictedChars(input = "") {
+  const regExp = new RegExp(/^[a-zA-Z0-9_\-!@$%^&*();]+$/);
+  return !regExp.test(input)
+    ? `Your password has restricted characters in it. Allowed symbols are _,-,!,@,$,%,^,&,*,(,),;`
+    : null;
+}
+
 // This will force update .env variables which for any which reason were not able to be parsed or
 // read from an ENV file as this seems to be a complicating step for many so allowing people to write
 // to the process will at least alleviate that issue. It does not perform comprehensive validity checks or sanity checks