diff --git a/src/Http/Controllers/Inertia/CurrentUserController.php b/src/Http/Controllers/Inertia/CurrentUserController.php
index 119359368..077f98ead 100644
--- a/src/Http/Controllers/Inertia/CurrentUserController.php
+++ b/src/Http/Controllers/Inertia/CurrentUserController.php
@@ -22,7 +22,7 @@ class CurrentUserController extends Controller
     public function destroy(Request $request, StatefulGuard $auth)
     {
         $request->validate([
-            'password' => 'password',
+            'password' => 'required|string|password',
         ]);
 
         app(DeletesUsers::class)->delete($request->user()->fresh());
diff --git a/src/Http/Controllers/Inertia/OtherBrowserSessionsController.php b/src/Http/Controllers/Inertia/OtherBrowserSessionsController.php
index eb72d3f3f..3d75e80d1 100644
--- a/src/Http/Controllers/Inertia/OtherBrowserSessionsController.php
+++ b/src/Http/Controllers/Inertia/OtherBrowserSessionsController.php
@@ -21,7 +21,7 @@ class OtherBrowserSessionsController extends Controller
     public function destroy(Request $request, StatefulGuard $guard)
     {
         $request->validate([
-            'password' => 'password',
+            'password' => 'required|string|password',
         ]);
 
         $guard->logoutOtherDevices($request->password);