diff --git a/backend/internal/setup/handler.go b/backend/internal/setup/handler.go
index 1531c97b..c2944ced 100644
--- a/backend/internal/setup/handler.go
+++ b/backend/internal/setup/handler.go
@@ -247,6 +247,12 @@ func install(c *gin.Context) {
 return
 }
 
+ req.Admin.Email = strings.TrimSpace(req.Admin.Email)
+ req.Database.Host = strings.TrimSpace(req.Database.Host)
+ req.Database.User = strings.TrimSpace(req.Database.User)
+ req.Database.DBName = strings.TrimSpace(req.Database.DBName)
+ req.Redis.Host = strings.TrimSpace(req.Redis.Host)
+
 // ========== COMPREHENSIVE INPUT VALIDATION ==========
 // Database validation
 if !validateHostname(req.Database.Host) {
@@ -319,13 +325,6 @@ func install(c *gin.Context) {
 return
 }
 
- // Trim whitespace from string inputs
- req.Admin.Email = strings.TrimSpace(req.Admin.Email)
- req.Database.Host = strings.TrimSpace(req.Database.Host)
- req.Database.User = strings.TrimSpace(req.Database.User)
- req.Database.DBName = strings.TrimSpace(req.Database.DBName)
- req.Redis.Host = strings.TrimSpace(req.Redis.Host)
-
 cfg := &SetupConfig{
 Database: req.Database,
 Redis: req.Redis,
diff --git a/frontend/src/i18n/locales/en.ts b/frontend/src/i18n/locales/en.ts
index 26edcfe9..8d15cee5 100644
--- a/frontend/src/i18n/locales/en.ts
+++ b/frontend/src/i18n/locales/en.ts
@@ -218,7 +218,7 @@ export default {
 email: 'Email',
 password: 'Password',
 confirmPassword: 'Confirm Password',
- passwordPlaceholder: 'Min 6 characters',
+ passwordPlaceholder: 'Min 8 characters',
 confirmPasswordPlaceholder: 'Confirm password',
 passwordMismatch: 'Passwords do not match'
 },
diff --git a/frontend/src/i18n/locales/zh.ts b/frontend/src/i18n/locales/zh.ts
index 39c900ca..c516b699 100644
--- a/frontend/src/i18n/locales/zh.ts
+++ b/frontend/src/i18n/locales/zh.ts
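Review bot: The relocated TrimSpace block in the first handler.go hunk lost its comment, and its position ahead of the validation section is now what ensures `validateHostname` and the checks after it see the same values that are later copied into `SetupConfig`; I would state that ordering requirement explicitly, e.g. `// Normalize inputs before validation so the values checked are the values stored.` Only five fields are trimmed here; if the request carries other free-text fields that are validated further down (not visible in this hunk), they should be normalized in the same place, while password fields are presumably left untouched on purpose. install() starts and ends outside the hunk.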
@@ -218,7 +218,7 @@ export default {
 email: '邮箱',
 password: '密码',
 confirmPassword: '确认密码',
- passwordPlaceholder: '至少 6 个字符',
+ passwordPlaceholder: '至少 8 个字符',
 confirmPasswordPlaceholder: '确认密码',
 passwordMismatch: '密码不匹配'
 },
diff --git a/frontend/src/views/setup/SetupWizardView.vue b/frontend/src/views/setup/SetupWizardView.vue
index fcf5aa72..5774899e 100644
--- a/frontend/src/views/setup/SetupWizardView.vue
+++ b/frontend/src/views/setup/SetupWizardView.vue
@@ -565,7 +565,7 @@ const canProceed = computed(() => {
 case 2:
 return (
 formData.admin.email &&
- formData.admin.password.length >= 6 &&
+ formData.admin.password.length >= 8 &&
 formData.admin.password === confirmPassword.value
 )
 default:
@@ -582,8 +582,9 @@ async function testDatabaseConnection() {
 await testDatabase(formData.database)
 dbConnected.value = true
 } catch (error: unknown) {
- const err = error as { response?: { data?: { detail?: string } }; message?: string }
- errorMessage.value = err.response?.data?.detail || err.message || 'Connection failed'
+ const err = error as { response?: { data?: { detail?: string; message?: string } }; message?: string }
+ errorMessage.value =
+ err.response?.data?.detail || err.response?.data?.message || err.message || 'Connection failed'
 } finally {
 testingDb.value = false
 }
@@ -598,8 +599,9 @@ async function testRedisConnection() {
 await testRedis(formData.redis)
 redisConnected.value = true
 } catch (error: unknown) {
- const err = error as { response?: { data?: { detail?: string } }; message?: string }
- errorMessage.value = err.response?.data?.detail || err.message || 'Connection failed'
+ const err = error as { response?: { data?: { detail?: string; message?: string } }; message?: string }
+ errorMessage.value =
+ err.response?.data?.detail || err.response?.data?.message || err.message || 'Connection failed'
 } finally {
 testingRedis.value = false
 }
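Review bot: The `formData.admin.password.length >= 8` check in `canProceed` only gates the wizard's next step, and neither handler.go hunk in this commit touches a password-length rule, so the 8-character minimum holds only if `install()` already enforces it server-side; that is worth confirming, because the setup endpoint can be reached without this UI. A short comment would keep the roles clear, e.g. `// UI hint only; the server-side check in install() is authoritative`. Note also that `.length` counts UTF-16 code units, so if the backend counts bytes or runes the two limits can disagree for non-ASCII passwords. canProceed's body continues outside the hunk.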
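Review bot: The same cast-and-fallback chain is now pasted three times (in testDatabaseConnection here, and again in testRedisConnection and performInstall), so the next change to the error response shape has to be made in three places; a small helper taking the caught error and a fallback string would keep them in step. Since `detail` and `message` come straight from the setup endpoints and are shown to whoever runs the wizard, a single helper is also the natural place to bound or constrain what server text reaches the UI. The template that renders `errorMessage` is not in this diff, so it is worth confirming that it uses text interpolation rather than `v-html`. The three enclosing functions start and end outside their hunks.

```typescript
// Suggested helper; the name is a placeholder.
function apiErrorMessage(error: unknown, fallback: string): string {
  const err = error as { response?: { data?: { detail?: string; message?: string } }; message?: string }
  return err.response?.data?.detail || err.response?.data?.message || err.message || fallback
}

// … unchanged: try bodies of testDatabaseConnection / testRedisConnection / performInstall …
} catch (error: unknown) {
  errorMessage.value = apiErrorMessage(error, 'Connection failed') // 'Installation failed' in performInstall
```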
@@ -622,8 +624,9 @@ async function performInstall() {
 // Start polling for service restart
 waitForServiceRestart()
 } catch (error: unknown) {
- const err = error as { response?: { data?: { detail?: string } }; message?: string }
- errorMessage.value = err.response?.data?.detail || err.message || 'Installation failed'
+ const err = error as { response?: { data?: { detail?: string; message?: string } }; message?: string }
+ errorMessage.value =
+ err.response?.data?.detail || err.response?.data?.message || err.message || 'Installation failed'
 } finally {
 installing.value = false
 }