diff --git a/packages/react/src/components/AccountSettings/ChangePassword/ChangePassword.tsx b/packages/react/src/components/AccountSettings/ChangePassword/ChangePassword.tsx
index e7ee7961e1b..9c4e5acff67 100644
--- a/packages/react/src/components/AccountSettings/ChangePassword/ChangePassword.tsx
+++ b/packages/react/src/components/AccountSettings/ChangePassword/ChangePassword.tsx
@@ -1,53 +1,149 @@
 import React from 'react';
+import isEqual from 'lodash/isEqual';
 
 import { Logger } from 'aws-amplify';
-import { changePassword, translate } from '@aws-amplify/ui';
+import {
+  changePassword,
+  ValidatorOptions,
+  getDefaultConfirmPasswordValidators,
+  getDefaultPasswordValidators,
+  runFieldValidators,
+  translate,
+} from '@aws-amplify/ui';
 
 import { useAuth } from '../../../internal';
 import { View, Flex } from '../../../primitives';
+import { FormValues, BlurredFields, ValidationError } from '../types';
 import {
-  DefaultCurrentPassword,
+  DefaultPasswordField,
   DefaultError,
-  DefaultNewPassword,
   DefaultSubmitButton,
 } from './defaultComponents';
-import { ChangePasswordProps } from './types';
-import { FormValues } from '../types';
+import { ChangePasswordProps, ValidateParams } from './types';
 
 const logger = new Logger('ChangePassword');
 
+const getIsDisabled = (
+  formValues: FormValues,
+  validationError: ValidationError
+): boolean => {
+  const { currentPassword, newPassword, confirmPassword } = formValues;
+
+  const hasEmptyField = !currentPassword || !newPassword || !confirmPassword;
+  if (hasEmptyField) {
+    return true;
+  }
+
+  const arePasswordsInvalid =
+    validationError.newPassword?.length > 0 ||
+    validationError.confirmPassword?.length > 0;
+
+  return arePasswordsInvalid;
+};
+
 function ChangePassword({
   onSuccess,
   onError,
+  validators,
 }: ChangePasswordProps): JSX.Element | null {
   const [errorMessage, setErrorMessage] = React.useState<string>(null);
   const [formValues, setFormValues] = React.useState<FormValues>({});
-
+  const [validationError, setValidationError] = React.useState<ValidationError>(
+    {}
+  );
+  const blurredFields = React.useRef<BlurredFields>([]);
   const { user, isLoading } = useAuth();
 
-  /** Return null if Auth.getCurrentAuthenticatedUser is still in progress  */
-  if (isLoading) {
-    return null;
-  }
+  const isDisabled = getIsDisabled(formValues, validationError);
 
-  /** Return null if user isn't authenticated in the first place */
-  if (!user) {
-    logger.warn('<ChangePassword /> requires user to be authenticated.');
-    return null;
-  }
+  const passwordValidators: ValidatorOptions[] = React.useMemo(() => {
+    return validators ?? getDefaultPasswordValidators();
+  }, [validators]);
+
+  /*
+   * Note that formValues and other states are passed in as props so that
+   * it does not depend on whether or not those states have been updated yet
+   */
+  const validateNewPassword = React.useCallback(
+    ({ formValues, eventType }: ValidateParams): string[] => {
+      const { newPassword } = formValues;
+      const hasBlurred = blurredFields.current.includes('newPassword');
+
+      return runFieldValidators({
+        value: newPassword,
+        validators: passwordValidators,
+        eventType,
+        hasBlurred,
+      });
+    },
+    [passwordValidators]
+  );
+
+  const validateConfirmPassword = React.useCallback(
+    ({ formValues, eventType }: ValidateParams): string[] => {
+      const { newPassword, confirmPassword } = formValues;
+      const hasBlurred = blurredFields.current.includes('confirmPassword');
+
+      const confirmPasswordValidators =
+        getDefaultConfirmPasswordValidators(newPassword);
+
+      return runFieldValidators({
+        value: confirmPassword,
+        validators: confirmPasswordValidators,
+        eventType,
+        hasBlurred,
+      });
+    },
+    []
+  );
+
+  const runValidation = React.useCallback(
+    (param: ValidateParams) => {
+      const passwordErrors = validateNewPassword(param);
+      const confirmPasswordErrors = validateConfirmPassword(param);
 
-  /** Translations */
+      const newValidationError = {
+        newPassword: passwordErrors,
+        confirmPassword: confirmPasswordErrors,
+      };
+
+      // only re-render if errors have changed
+      if (!isEqual(validationError, newValidationError)) {
+        setValidationError(newValidationError);
+      }
+    },
+    [validateConfirmPassword, validateNewPassword, validationError]
+  );
+
+  /* Translations */
   // TODO: add AccountSettingsTextUtil to collect these strings
   const currentPasswordLabel = translate('Current Password');
   const newPasswordLabel = translate('New Password');
+  const confirmPasswordLabel = translate('Confirm Password');
   const updatePasswordText = translate('Update password');
 
-  /** Event Handlers */
+  /* Event Handlers */
   const handleChange = (event: React.ChangeEvent<HTMLInputElement>) => {
     event.preventDefault();
 
     const { name, value } = event.target;
-    setFormValues({ ...formValues, [name]: value });
+
+    const newFormValues = { ...formValues, [name]: value };
+    runValidation({ formValues: newFormValues, eventType: 'change' });
+
+    setFormValues(newFormValues);
+  };
+
+  const handleBlur = (event: React.FocusEvent<HTMLInputElement>) => {
+    event.preventDefault();
+
+    const { name } = event.target;
+    // only update state and run validation if this is the first time blurring the field
+    if (!blurredFields.current.includes(name)) {
+      const newBlurredFields = [...blurredFields.current, name];
+      blurredFields.current = newBlurredFields;
+      runValidation({ formValues, eventType: 'blur' });
+    }
   };
 
   const handleSubmit = async (event: React.FormEvent<HTMLFormElement>) => {
@@ -68,24 +164,47 @@ function ChangePassword({
     }
   };
 
+  // Return null if Auth.getCurrentAuthenticatedUser is still in progress
+  if (isLoading) {
+    return null;
+  }
+
+  // Return null if user isn't authenticated in the first place
+  if (!user) {
+    logger.warn('<ChangePassword /> requires user to be authenticated.');
+    return null;
+  }
+
   return (
     <View as="form" className="amplify-changepassword" onSubmit={handleSubmit}>
       <Flex direction="column">
-        <DefaultCurrentPassword
+        <DefaultPasswordField
           autoComplete="current-password"
           isRequired
           label={currentPasswordLabel}
           name="currentPassword"
+          onBlur={handleBlur}
           onChange={handleChange}
         />
-        <DefaultNewPassword
+        <DefaultPasswordField
           autoComplete="new-password"
           isRequired
           label={newPasswordLabel}
           name="newPassword"
+          onBlur={handleBlur}
+          onChange={handleChange}
+          validationErrors={validationError?.newPassword}
+        />
+        <DefaultPasswordField
+          autoComplete="new-password"
+          isRequired
+          label={confirmPasswordLabel}
+          name="confirmPassword"
+          onBlur={handleBlur}
           onChange={handleChange}
+          validationErrors={validationError?.confirmPassword}
         />
-        <DefaultSubmitButton type="submit">
+        <DefaultSubmitButton isDisabled={isDisabled} type="submit">
           {updatePasswordText}
         </DefaultSubmitButton>
         {errorMessage ? <DefaultError>{errorMessage}</DefaultError> : null}
diff --git a/packages/react/src/components/AccountSettings/ChangePassword/__tests__/ChangePassword.test.tsx b/packages/react/src/components/AccountSettings/ChangePassword/__tests__/ChangePassword.test.tsx
index fb3ef4e6b1f..046006f294d 100644
--- a/packages/react/src/components/AccountSettings/ChangePassword/__tests__/ChangePassword.test.tsx
+++ b/packages/react/src/components/AccountSettings/ChangePassword/__tests__/ChangePassword.test.tsx
@@ -14,6 +14,18 @@ jest.mock('../../../../internal', () => ({
 }));
 
 const changePasswordSpy = jest.spyOn(UIModule, 'changePassword');
+jest.spyOn(UIModule, 'getDefaultPasswordValidators').mockReturnValue([
+  {
+    validationMode: 'onTouched',
+    validator: (field) => /[a-z]/.test(field),
+    message: 'Password must have lower case letters',
+  },
+  {
+    validationMode: 'onTouched',
+    validator: (field) => /[A-Z]/.test(field),
+    message: 'Password must have upper case letters',
+  },
+]);
 
 describe('ChangePassword', () => {
   beforeEach(() => {
@@ -86,7 +98,7 @@ describe('ChangePassword', () => {
     await waitFor(() => expect(onError).toBeCalledTimes(1));
   });
 
-  it('error message is displayed after unsuccessful submit', async () => {
+  it('displays error message after unsuccessful submit', async () => {
     changePasswordSpy.mockRejectedValue(new Error('Mock Error'));
 
     const onError = jest.fn();
@@ -98,7 +110,127 @@ describe('ChangePassword', () => {
 
     fireEvent.submit(submitButton);
 
-    // submit handling is async, wait for error to be displayed
-    await waitFor(() => expect(screen.findByText('Mock Error')).toBeDefined());
+    expect(await screen.findByText('Mock Error')).toBeDefined();
+  });
+
+  it('disables submit button on init', async () => {
+    render(<ChangePassword />);
+
+    const submitButton = await screen.findByRole('button', {
+      name: 'Update password',
+    });
+
+    expect(submitButton).toHaveAttribute('disabled');
+  });
+
+  it('enables submit button once formValues are valid', async () => {
+    render(<ChangePassword />);
+
+    const currentPassword = await screen.findByLabelText('Current Password');
+    const newPassword = await screen.findByLabelText('New Password');
+    const confirmPassword = await screen.findByLabelText('Confirm Password');
+    const submitButton = await screen.findByRole('button', {
+      name: 'Update password',
+    });
+
+    fireEvent.input(currentPassword, {
+      target: { name: 'currentPassword', value: 'oldpassword' },
+    });
+
+    fireEvent.input(newPassword, {
+      target: { name: 'newPassword', value: 'Newpassword' },
+    });
+
+    fireEvent.input(confirmPassword, {
+      target: { name: 'newPassword', value: 'Newpassword' },
+    });
+
+    // validation handling is async, wait for button to be re-enabled.
+    waitFor(() => expect(submitButton).not.toHaveAttribute('disabled'));
+  });
+
+  it('displays new password validation error message', async () => {
+    render(<ChangePassword />);
+
+    const newPassword = await screen.findByLabelText('New Password');
+    const submitButton = await screen.findByRole('button', {
+      name: 'Update password',
+    });
+
+    fireEvent.input(newPassword, {
+      target: { name: 'newPassword', value: 'badpassword' },
+    });
+
+    fireEvent.blur(newPassword, {
+      target: { name: 'newPassword' },
+    });
+
+    const validationError = await screen.findByText(
+      'Password must have upper case letters'
+    );
+
+    expect(validationError).toBeDefined();
+    expect(submitButton).toHaveAttribute('disabled');
+  });
+
+  it('displays confirm password validation error message', async () => {
+    render(<ChangePassword />);
+
+    const newPassword = await screen.findByLabelText('New Password');
+    const confirmPassword = await screen.findByLabelText('Confirm Password');
+    const submitButton = await screen.findByRole('button', {
+      name: 'Update password',
+    });
+
+    fireEvent.input(newPassword, {
+      target: { name: 'newPassword', value: 'newpassword' },
+    });
+
+    fireEvent.input(confirmPassword, {
+      target: { name: 'confirmPassword', value: 'differentpassword' },
+    });
+
+    fireEvent.blur(confirmPassword, {
+      target: { name: 'confirmPassword' },
+    });
+
+    const validationError = await screen.findByText(
+      'Your passwords must match'
+    );
+
+    expect(validationError).toBeDefined();
+    expect(submitButton).toHaveAttribute('disabled');
+  });
+
+  it('displays custom password validation error messages', async () => {
+    const minLength: UIModule.ValidatorOptions = {
+      validationMode: 'onChange',
+      validator: (password) => password.length >= 8,
+      message: 'Password must have length 4 or greater',
+    };
+
+    const hasSpecialChar: UIModule.ValidatorOptions = {
+      validationMode: 'onChange',
+      validator: (password) => password.includes('*'),
+      message: 'Password must have a star',
+    };
+    render(<ChangePassword validators={[minLength, hasSpecialChar]} />);
+
+    const newPassword = await screen.findByLabelText('New Password');
+    const submitButton = await screen.findByRole('button', {
+      name: 'Update password',
+    });
+
+    fireEvent.input(newPassword, {
+      target: { name: 'newPassword', value: 'badpw' },
+    });
+
+    const minLengthError = await screen.findByText(minLength.message);
+
+    const specialCharError = await screen.findByText(hasSpecialChar.message);
+
+    expect(minLengthError).toBeDefined();
+    expect(specialCharError).toBeDefined();
+    expect(submitButton).toHaveAttribute('disabled');
   });
 });
diff --git a/packages/react/src/components/AccountSettings/ChangePassword/__tests__/__snapshots__/ChangePassword.test.tsx.snap b/packages/react/src/components/AccountSettings/ChangePassword/__tests__/__snapshots__/ChangePassword.test.tsx.snap
index 21fd209be27..81adbf4c813 100644
--- a/packages/react/src/components/AccountSettings/ChangePassword/__tests__/__snapshots__/ChangePassword.test.tsx.snap
+++ b/packages/react/src/components/AccountSettings/ChangePassword/__tests__/__snapshots__/ChangePassword.test.tsx.snap
@@ -139,9 +139,75 @@ exports[`ChangePassword renders as expected 1`] = `
           </div>
         </div>
       </div>
+      <div
+        class="amplify-flex amplify-field amplify-textfield amplify-passwordfield"
+      >
+        <label
+          class="amplify-label"
+          for="amplify-id-2"
+        >
+          Confirm Password
+        </label>
+        <div
+          class="amplify-flex amplify-field-group amplify-field-group--horizontal"
+          data-orientation="horizontal"
+        >
+          <div
+            class="amplify-field-group__field-wrapper amplify-field-group__field-wrapper--horizontal"
+            data-orientation="horizontal"
+          >
+            <input
+              aria-invalid="false"
+              autocomplete="new-password"
+              class="amplify-input amplify-field-group__control"
+              id="amplify-id-2"
+              name="confirmPassword"
+              required=""
+              type="password"
+            />
+          </div>
+          <div
+            class="amplify-field-group__outer-end"
+          >
+            <button
+              aria-checked="false"
+              aria-label="Show password"
+              class="amplify-button amplify-field-group__control amplify-field__show-password"
+              data-fullwidth="false"
+              role="switch"
+              type="button"
+            >
+              <span
+                aria-live="polite"
+                class="amplify-visually-hidden"
+              >
+                Password is hidden
+              </span>
+              <span
+                class="amplify-icon"
+                style="width: 1em; height: 1em;"
+              >
+                <svg
+                  fill="none"
+                  height="24"
+                  viewBox="0 0 24 24"
+                  width="24"
+                  xmlns="http://www.w3.org/2000/svg"
+                >
+                  <path
+                    d="M12 6C15.79 6 19.17 8.13 20.82 11.5C19.17 14.87 15.79 17 12 17C8.21 17 4.83 14.87 3.18 11.5C4.83 8.13 8.21 6 12 6ZM12 4C7 4 2.73 7.11 1 11.5C2.73 15.89 7 19 12 19C17 19 21.27 15.89 23 11.5C21.27 7.11 17 4 12 4ZM12 9C13.38 9 14.5 10.12 14.5 11.5C14.5 12.88 13.38 14 12 14C10.62 14 9.5 12.88 9.5 11.5C9.5 10.12 10.62 9 12 9ZM12 7C9.52 7 7.5 9.02 7.5 11.5C7.5 13.98 9.52 16 12 16C14.48 16 16.5 13.98 16.5 11.5C16.5 9.02 14.48 7 12 7Z"
+                    fill="currentColor"
+                  />
+                </svg>
+              </span>
+            </button>
+          </div>
+        </div>
+      </div>
       <button
-        class="amplify-button amplify-field-group__control"
+        class="amplify-button amplify-field-group__control amplify-button--disabled"
         data-fullwidth="false"
+        disabled=""
         type="submit"
       >
         Update password
diff --git a/packages/react/src/components/AccountSettings/ChangePassword/defaultComponents.tsx b/packages/react/src/components/AccountSettings/ChangePassword/defaultComponents.tsx
index 959c33b36e2..6af34b32388 100644
--- a/packages/react/src/components/AccountSettings/ChangePassword/defaultComponents.tsx
+++ b/packages/react/src/components/AccountSettings/ChangePassword/defaultComponents.tsx
@@ -1,5 +1,6 @@
 import React from 'react';
 import { Alert, Button, PasswordField } from '../../../primitives';
+import { ValidationErrors } from '../../shared/ValidationErrors';
 import {
   AccountSettingsError,
   AccountSettingsPasswordField,
@@ -8,12 +9,16 @@ import {
 
 /** ChangePassword subcomponents */
 // TODO: enable component override
-export const DefaultCurrentPassword: AccountSettingsPasswordField = (props) => {
-  return <PasswordField {...props} />;
-};
-
-export const DefaultNewPassword: AccountSettingsPasswordField = (props) => {
-  return <PasswordField {...props} />;
+export const DefaultPasswordField: AccountSettingsPasswordField = ({
+  validationErrors,
+  ...rest
+}) => {
+  return (
+    <>
+      <PasswordField {...rest} />
+      <ValidationErrors errors={validationErrors} />
+    </>
+  );
 };
 
 export const DefaultSubmitButton: AccountSettingsSubmitButton = ({
diff --git a/packages/react/src/components/AccountSettings/ChangePassword/types.ts b/packages/react/src/components/AccountSettings/ChangePassword/types.ts
index 365222424e0..99d10891797 100644
--- a/packages/react/src/components/AccountSettings/ChangePassword/types.ts
+++ b/packages/react/src/components/AccountSettings/ChangePassword/types.ts
@@ -1,6 +1,15 @@
+import { InputEventType, ValidatorOptions } from '@aws-amplify/ui';
+import { FormValues } from '../types';
+
+export type ValidateParams = {
+  formValues: FormValues;
+  eventType: InputEventType;
+};
 export interface ChangePasswordProps {
-  // callback once password is successfully updated
+  /** callback once password is successfully updated */
   onSuccess?: () => void;
-  // callback when there's an error
+  /** callback when there's an error */
   onError?: (error: Error) => void;
+  /** custom password validations */
+  validators?: ValidatorOptions[];
 }
diff --git a/packages/react/src/components/AccountSettings/types.ts b/packages/react/src/components/AccountSettings/types.ts
index 75f62b5dd36..cd7a352b064 100644
--- a/packages/react/src/components/AccountSettings/types.ts
+++ b/packages/react/src/components/AccountSettings/types.ts
@@ -20,7 +20,7 @@ type CommonAlertProps = PrimitiveProps<AlertProps, 'div'>;
  */
 export type AccountSettingsPasswordField<Props = {}> = React.ComponentType<
   // `Props` generic allows additional props passed on override components
-  Props & CommonPasswordFieldProps
+  Props & CommonPasswordFieldProps & { validationErrors?: string[] }
 >;
 
 export type AccountSettingsSubmitButton<Props = {}> = React.ComponentType<
@@ -31,5 +31,9 @@ export type AccountSettingsError<Props = {}> = React.ComponentType<
   Props & CommonAlertProps
 >;
 
-/** Form specific types */
+/* Form specific types */
 export type FormValues = Record<string, string>;
+
+export type BlurredFields = string[];
+
+export type ValidationError = Record<string, string[]>;
diff --git a/packages/ui/src/helpers/accountSettings/__tests__/__snapshots__/validator.test.ts.snap b/packages/ui/src/helpers/accountSettings/__tests__/__snapshots__/validator.test.ts.snap
new file mode 100644
index 00000000000..10165b565cb
--- /dev/null
+++ b/packages/ui/src/helpers/accountSettings/__tests__/__snapshots__/validator.test.ts.snap
@@ -0,0 +1,46 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`getDefaultPasswordValidators returns validators as expected for full Amplify config  1`] = `
+Array [
+  Object {
+    "message": "Password must have at least 8 characters",
+    "validationMode": "onTouched",
+    "validator": [Function],
+  },
+  Object {
+    "message": "Password must have lower case letters",
+    "validationMode": "onTouched",
+    "validator": [Function],
+  },
+  Object {
+    "message": "Password must have upper case letters",
+    "validationMode": "onTouched",
+    "validator": [Function],
+  },
+  Object {
+    "message": "Password must have numbers",
+    "validationMode": "onTouched",
+    "validator": [Function],
+  },
+  Object {
+    "message": "Password must have special characters",
+    "validationMode": "onTouched",
+    "validator": [Function],
+  },
+]
+`;
+
+exports[`getDefaultPasswordValidators returns validators as expected for partial Amplify config  1`] = `
+Array [
+  Object {
+    "message": "Password must have lower case letters",
+    "validationMode": "onTouched",
+    "validator": [Function],
+  },
+  Object {
+    "message": "Password must have upper case letters",
+    "validationMode": "onTouched",
+    "validator": [Function],
+  },
+]
+`;
diff --git a/packages/ui/src/helpers/accountSettings/__tests__/validator.test.ts b/packages/ui/src/helpers/accountSettings/__tests__/validator.test.ts
new file mode 100644
index 00000000000..579275fb88d
--- /dev/null
+++ b/packages/ui/src/helpers/accountSettings/__tests__/validator.test.ts
@@ -0,0 +1,197 @@
+import { Amplify } from 'aws-amplify';
+
+import {
+  getDefaultPasswordValidators,
+  getHasMinLength,
+  getPasswordRequirement,
+  hasLowerCase,
+  hasNumber,
+  hasSpecialChar,
+  hasUpperCase,
+  getMatchesConfirmPassword,
+} from '../validator';
+
+const partialAmplifyPasswordConfig = {
+  aws_cognito_password_protection_settings: {
+    passwordPolicyCharacters: ['REQUIRES_LOWERCASE', 'REQUIRES_UPPERCASE'],
+  },
+};
+
+const fullAmplifyPasswordConfig = {
+  aws_cognito_password_protection_settings: {
+    passwordPolicyMinLength: 8,
+    passwordPolicyCharacters: [
+      'REQUIRES_LOWERCASE',
+      'REQUIRES_NUMBERS',
+      'REQUIRES_SYMBOLS',
+      'REQUIRES_UPPERCASE',
+    ],
+  },
+};
+
+const configureSpy = jest.spyOn(Amplify, 'configure');
+
+describe('getHasMinLength', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('returns minLength validator as expected', () => {
+    const validator = getHasMinLength(4);
+    expect(validator).toMatchObject({
+      validator: expect.any(Function),
+      message: 'Password must have at least 4 characters',
+      validationMode: 'onTouched',
+    });
+  });
+
+  it('validates to true when password is long enough', () => {
+    const { validator } = getHasMinLength(4);
+    const isValid = validator('longpassword');
+    expect(isValid).toBe(true);
+  });
+
+  it('validates to false when password is too short', () => {
+    const { validator } = getHasMinLength(4);
+    const isValid = validator('hi');
+    expect(isValid).toBe(false);
+  });
+});
+
+describe('hasLowerCase', () => {
+  it('validates to true when password has lower case', () => {
+    const { validator } = hasLowerCase;
+    const isValid = validator('password');
+    expect(isValid).toBe(true);
+  });
+
+  it('validates to false when password has no lower case', () => {
+    const { validator } = hasLowerCase;
+    const isValid = validator('PASSWORD');
+    expect(isValid).toBe(false);
+  });
+});
+
+describe('hasUpperCase', () => {
+  it('validates to true when password has upper case', () => {
+    const { validator } = hasUpperCase;
+    const isValid = validator('PASSWORD');
+    expect(isValid).toBe(true);
+  });
+
+  it('validates to false when password has no upper case', () => {
+    const { validator } = hasUpperCase;
+    const isValid = validator('password');
+    expect(isValid).toBe(false);
+  });
+});
+
+describe('hasNumber', () => {
+  it('validates to true when password has number', () => {
+    const { validator } = hasNumber;
+    const isValid = validator('password123');
+    expect(isValid).toBe(true);
+  });
+
+  it('validates to false when password has no number', () => {
+    const { validator } = hasNumber;
+    const isValid = validator('password');
+    expect(isValid).toBe(false);
+  });
+});
+
+describe('hasSpecialChar', () => {
+  it('validates to true when password has special character', () => {
+    const { validator } = hasSpecialChar;
+    const isValid = validator('password!');
+    expect(isValid).toBe(true);
+  });
+
+  it('validates to false when password has no special character', () => {
+    const { validator } = hasSpecialChar;
+    const isValid = validator('password');
+    expect(isValid).toBe(false);
+  });
+});
+
+describe('getPasswordRequirement', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('returns null if Amplify.configure() is empty', () => {
+    configureSpy.mockReturnValue({});
+    const requirements = getPasswordRequirement();
+    expect(requirements).toBeNull();
+  });
+
+  it('returns expected password requirements if full amplify config', () => {
+    configureSpy.mockReturnValue(fullAmplifyPasswordConfig);
+    const requirements = getPasswordRequirement();
+    expect(requirements).toMatchObject({
+      minLength: 8,
+      needsLowerCase: true,
+      needsNumber: true,
+      needsSpecialChar: true,
+      needsUpperCase: true,
+    });
+  });
+
+  it('returns expected password requirements if partial amplify config', () => {
+    configureSpy.mockReturnValue(partialAmplifyPasswordConfig);
+    const requirements = getPasswordRequirement();
+    expect(requirements).toMatchObject({
+      needsLowerCase: true,
+      needsNumber: false,
+      needsSpecialChar: false,
+      needsUpperCase: true,
+    });
+  });
+});
+
+describe('getDefaultPasswordValidators', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('returns validators as expected for partial Amplify config ', () => {
+    configureSpy.mockReturnValue(partialAmplifyPasswordConfig);
+    const validators = getDefaultPasswordValidators();
+    expect(validators).toMatchSnapshot();
+  });
+
+  it('returns validators as expected for full Amplify config ', () => {
+    configureSpy.mockReturnValue(fullAmplifyPasswordConfig);
+    const validators = getDefaultPasswordValidators();
+    expect(validators).toMatchSnapshot();
+  });
+
+  it('returns empty array for empty amplify config', () => {
+    configureSpy.mockReturnValue({});
+    const validators = getDefaultPasswordValidators();
+    expect(validators).toStrictEqual([]);
+  });
+});
+
+describe('getConfirmPassword', () => {
+  it('returns confirm password valiator as expected', () => {
+    const validator = getMatchesConfirmPassword('pw');
+    expect(validator).toMatchObject({
+      validator: expect.any(Function),
+      message: 'Your passwords must match',
+      validationMode: 'onTouched',
+    });
+  });
+
+  it('validates to true when passwords match', () => {
+    const { validator } = getMatchesConfirmPassword('myPassword');
+    const isValid = validator('myPassword');
+    expect(isValid).toBe(true);
+  });
+
+  it('validates to false when passwords do not match', () => {
+    const { validator } = getMatchesConfirmPassword('myPassword');
+    const isValid = validator('mismatchingPassword');
+    expect(isValid).toBe(false);
+  });
+});
diff --git a/packages/ui/src/helpers/accountSettings/index.ts b/packages/ui/src/helpers/accountSettings/index.ts
index ec30a311202..e5099c8ad79 100644
--- a/packages/ui/src/helpers/accountSettings/index.ts
+++ b/packages/ui/src/helpers/accountSettings/index.ts
@@ -1 +1,6 @@
-export { changePassword, deleteUser } from './utils';
+export * from './utils';
+export {
+  getDefaultConfirmPasswordValidators,
+  getDefaultPasswordValidators,
+  runFieldValidators,
+} from './validator';
diff --git a/packages/ui/src/helpers/accountSettings/utils.ts b/packages/ui/src/helpers/accountSettings/utils.ts
index cc9f9e9e5ba..1225608248b 100644
--- a/packages/ui/src/helpers/accountSettings/utils.ts
+++ b/packages/ui/src/helpers/accountSettings/utils.ts
@@ -1,6 +1,6 @@
-import { AmplifyUser } from '../../types';
 import { Auth } from 'aws-amplify';
 
+import { AmplifyUser } from '../../types';
 import { getLogger } from '../utils';
 
 const logger = getLogger('Auth');
diff --git a/packages/ui/src/helpers/accountSettings/validator.ts b/packages/ui/src/helpers/accountSettings/validator.ts
new file mode 100644
index 00000000000..d9e45abe78c
--- /dev/null
+++ b/packages/ui/src/helpers/accountSettings/validator.ts
@@ -0,0 +1,170 @@
+import { Amplify } from 'aws-amplify';
+import { hasSpecialChars } from '../authenticator';
+import {
+  ValidatorOptions,
+  PasswordSettings,
+  PasswordRequirement,
+  ValidationMode,
+  InputEventType,
+} from '../../types';
+
+// gets password requirement from Amplify.configure data
+export const getPasswordRequirement = (): PasswordRequirement => {
+  // need to cast to any because `Amplify.configure()` isn't typed properly
+  const config = Amplify.configure() as any;
+  const passwordSettings =
+    config?.aws_cognito_password_protection_settings as PasswordSettings;
+
+  if (!passwordSettings) {
+    return null;
+  }
+
+  const {
+    passwordPolicyCharacters: characterPolicy = [],
+    passwordPolicyMinLength: minLength,
+  } = passwordSettings;
+
+  return {
+    minLength,
+    needsLowerCase: characterPolicy.includes('REQUIRES_LOWERCASE'),
+    needsUpperCase: characterPolicy.includes('REQUIRES_UPPERCASE'),
+    needsNumber: characterPolicy.includes('REQUIRES_NUMBERS'),
+    needsSpecialChar: characterPolicy.includes('REQUIRES_SYMBOLS'),
+  };
+};
+
+export const getHasMinLength = (minLength: number): ValidatorOptions => ({
+  validationMode: 'onTouched',
+  validator: (field) => field.length >= minLength,
+  message: `Password must have at least ${minLength} characters`,
+});
+
+export const hasLowerCase: ValidatorOptions = {
+  validationMode: 'onTouched',
+  validator: (field) => /[a-z]/.test(field),
+  message: 'Password must have lower case letters',
+};
+
+export const hasUpperCase: ValidatorOptions = {
+  validationMode: 'onTouched',
+  validator: (field) => /[A-Z]/.test(field),
+  message: 'Password must have upper case letters',
+};
+
+export const hasNumber: ValidatorOptions = {
+  validationMode: 'onTouched',
+  validator: (field) => /[0-9]/.test(field),
+  message: 'Password must have numbers',
+};
+
+export const hasSpecialChar: ValidatorOptions = {
+  validationMode: 'onTouched',
+  validator: (field) => hasSpecialChars(field),
+  message: 'Password must have special characters',
+};
+
+export const getMatchesConfirmPassword = (
+  password: string
+): ValidatorOptions => {
+  return {
+    validationMode: 'onTouched',
+    validator: (confirmPassword) => password === confirmPassword,
+    message: 'Your passwords must match',
+  };
+};
+
+export const getDefaultPasswordValidators = (): ValidatorOptions[] => {
+  const requirement = getPasswordRequirement();
+  if (!requirement) return [];
+
+  const validators: ValidatorOptions[] = [];
+
+  const {
+    minLength,
+    needsLowerCase,
+    needsUpperCase,
+    needsNumber,
+    needsSpecialChar,
+  } = requirement;
+
+  if (minLength) {
+    validators.push(getHasMinLength(minLength));
+  }
+
+  if (needsLowerCase) {
+    validators.push(hasLowerCase);
+  }
+  if (needsUpperCase) {
+    validators.push(hasUpperCase);
+  }
+  if (needsNumber) {
+    validators.push(hasNumber);
+  }
+  if (needsSpecialChar) {
+    validators.push(hasSpecialChar);
+  }
+
+  return validators;
+};
+
+export const getDefaultConfirmPasswordValidators = (
+  password: string
+): ValidatorOptions[] => {
+  return [getMatchesConfirmPassword(password)];
+};
+
+/*
+ * `shouldValidate` determines whether validator should be run, based on validation mode,
+ * input event type, and whether it has been blurred yet.
+ */
+export const shouldValidate = ({
+  validationMode,
+  eventType,
+  hasBlurred,
+}: {
+  validationMode: ValidationMode;
+  eventType: InputEventType;
+  hasBlurred: boolean;
+}) => {
+  switch (validationMode) {
+    case 'onBlur': {
+      // only run validator on blur event
+      return eventType === 'blur';
+    }
+    case 'onChange': {
+      // only run validator on change event
+      return eventType === 'change';
+    }
+    case 'onTouched': {
+      /**
+       * run validator on first blur event, and then every subsequent
+       * blur/change event.
+       */
+      return eventType === 'blur' || hasBlurred;
+    }
+  }
+};
+
+// `runFieldValidator` runs all validators, and returns error messages.
+export const runFieldValidators = ({
+  value,
+  validators,
+  eventType,
+  hasBlurred,
+}: {
+  value: string;
+  validators: ValidatorOptions[];
+  eventType: InputEventType;
+  hasBlurred: boolean;
+}): string[] => {
+  if (!value) return [];
+
+  return validators.reduce((prevErrors, validatorSpec) => {
+    const { validator, validationMode, message } = validatorSpec;
+
+    if (shouldValidate({ validationMode, eventType, hasBlurred })) {
+      const hasError = !validator(value);
+      return hasError ? [...prevErrors, message] : prevErrors;
+    }
+  }, []);
+};
diff --git a/packages/ui/src/types/accountSettings/index.ts b/packages/ui/src/types/accountSettings/index.ts
new file mode 100644
index 00000000000..80bf090fa4c
--- /dev/null
+++ b/packages/ui/src/types/accountSettings/index.ts
@@ -0,0 +1 @@
+export * from './validator';
diff --git a/packages/ui/src/types/accountSettings/validator.ts b/packages/ui/src/types/accountSettings/validator.ts
new file mode 100644
index 00000000000..b8a33db4ced
--- /dev/null
+++ b/packages/ui/src/types/accountSettings/validator.ts
@@ -0,0 +1,17 @@
+export type InputEventType = 'blur' | 'change';
+
+export type ValidationMode = 'onBlur' | 'onChange' | 'onTouched';
+
+export interface ValidatorOptions {
+  validationMode: ValidationMode;
+  validator: (value: string) => boolean;
+  message: string;
+}
+
+export interface PasswordRequirement {
+  minLength?: number;
+  needsLowerCase?: boolean;
+  needsUpperCase?: boolean;
+  needsSpecialChar?: boolean;
+  needsNumber?: boolean;
+}
diff --git a/packages/ui/src/types/authenticator/form.ts b/packages/ui/src/types/authenticator/form.ts
index 7cfd4ed8675..f1e55f2d439 100644
--- a/packages/ui/src/types/authenticator/form.ts
+++ b/packages/ui/src/types/authenticator/form.ts
@@ -84,6 +84,8 @@ export type PasswordPolicyRules =
   | 'REQUIRES_NUMBERS'
   | 'REQUIRES_SYMBOLS'
   | 'REQUIRES_UPPERCASE';
+
+// password setting directly coming from Amplify.Auth
 export interface PasswordSettings {
   passwordPolicyMinLength: number;
   passwordPolicyCharacters: Array<PasswordPolicyRules>;
diff --git a/packages/ui/src/types/index.ts b/packages/ui/src/types/index.ts
index 6fb9aadbb94..d13af4bc154 100644
--- a/packages/ui/src/types/index.ts
+++ b/packages/ui/src/types/index.ts
@@ -1,3 +1,4 @@
+export * from './accountSettings';
 export * from './authenticator';
 export * from './primitives';
 export * from './util';