diff --git a/ZScoDoc.py b/ZScoDoc.py
index 7d1227a41..b627d45a3 100644
--- a/ZScoDoc.py
+++ b/ZScoDoc.py
@@ -83,7 +83,7 @@ from sco_permissions import ScoView, ScoSuperAdmin
 from sco_exceptions import AccessDenied
 from notes_log import log
 import sco_find_etud
-from ZScoUsers import pwdFascistCheck
+import sco_users
 
 
 class ZScoDoc(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Implicit):
@@ -225,7 +225,7 @@ class ZScoDoc(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Imp
             raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
         log("trying to change admin password")
         # 1-- check strong password
-        if pwdFascistCheck(password) != None:
+        if not sco_users.is_valid_password(password):
             log("refusing weak password")
             return REQUEST.RESPONSE.redirect(
                 "change_admin_user_form?message=Mot%20de%20passe%20trop%20simple,%20recommencez"
diff --git a/ZScoUsers.py b/ZScoUsers.py
index 0e03a39e0..9e9dd9246 100644
--- a/ZScoUsers.py
+++ b/ZScoUsers.py
@@ -47,24 +47,7 @@ from TrivialFormulator import TrivialFormulator, TF
 from gen_tables import GenTable
 import scolars
 import sco_cache
-
-# ----------------- password checking
-import cracklib
-
-
-def pwdFascistCheck(cleartxt):
-    "returns None if OK"
-    if (
-        hasattr(CONFIG, "MIN_PASSWORD_LENGTH")
-        and CONFIG.MIN_PASSWORD_LENGTH > 0
-        and len(cleartxt) < CONFIG.MIN_PASSWORD_LENGTH
-    ):
-        return True  # invalid
-    try:
-        x = cracklib.FascistCheck(cleartxt)
-        return None
-    except ValueError as e:
-        return str(e)
+import sco_users
 
 
 # ---------------
@@ -358,10 +341,6 @@ class ZScoUsers(
         else:
             return False
 
-    def _is_valid_passwd(self, passwd):
-        "check if passwd is secure enough"
-        return not pwdFascistCheck(passwd)
-
     def do_change_password(self, user_name, password):
         user = self._user_list(args={"user_name": user_name})
         assert len(user) == 1, "database inconsistency: len(user)=%d" % len(user)
@@ -407,7 +386,7 @@ class ZScoUsers(
                 % user_name
             )
         else:
-            if not self._is_valid_passwd(password):
+            if not sco_users.is_valid_password(password):
                 H.append(
                     """<p><b>ce mot de passe n\'est pas assez compliqué !</b><br/>(oui, il faut un mot de passe vraiment compliqué !)</p>
                 <p><a href="form_change_password?user_name=%s" class="stdlink">Recommencer</a></p>
@@ -890,7 +869,7 @@ class ZScoUsers(
                         """Les deux mots de passes ne correspondent pas !"""
                     )
                     return "\n".join(H) + msg + "\n" + tf[1] + F
-                if not self._is_valid_passwd(vals["passwd"]):
+                if not sco_users.is_valid_password(vals["passwd"]):
                     msg = tf_error_message(
                         """Mot de passe trop simple, recommencez !"""
                     )
diff --git a/sco_users.py b/sco_users.py
new file mode 100644
index 000000000..703d6b183
--- /dev/null
+++ b/sco_users.py
@@ -0,0 +1,53 @@
+# -*- mode: python -*-
+# -*- coding: utf-8 -*-
+
+##############################################################################
+#
+# Gestion scolarite IUT
+#
+# Copyright (c) 1999 - 2021 Emmanuel Viennet.  All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+#   Emmanuel Viennet      emmanuel.viennet@viennet.net
+#
+##############################################################################
+
+"""Fonctions sur les utilisateurs
+"""
+
+# Anciennement dans ZScoUsers.py, séparé pour migration
+
+import cracklib  # pylint: disable=import-error
+
+import sco_utils as scu
+from sco_utils import CONFIG, SCO_ENCODING
+
+
+def is_valid_password(cleartxt):
+    """Check password.
+    returns True if OK.
+    """
+    if (
+        hasattr(CONFIG, "MIN_PASSWORD_LENGTH")
+        and CONFIG.MIN_PASSWORD_LENGTH > 0
+        and len(cleartxt) < CONFIG.MIN_PASSWORD_LENGTH
+    ):
+        return False  # invalid: too short
+    try:
+        _ = cracklib.FascistCheck(cleartxt)
+        return True
+    except ValueError:
+        return False