diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index bbbc3b9fa..e9caf34c7 100644
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -706,6 +706,7 @@ dummy:
 #dashboard_protocol: http
 #dashboard_port: 8443
 #dashboard_admin_user: admin
+# This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
 #dashboard_crt: ''
@@ -716,6 +717,7 @@ dummy:
 #node_exporter_container_image: "prom/node-exporter:v0.17.0"
 #node_exporter_port: 9100
 #grafana_admin_user: admin
+# This variable must be set with a strong custom password when dashboard_enabled is True
 #grafana_admin_password: admin
 # We only need this for SSL (https) connections
 #grafana_crt: ''
diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample
index 1db6fe0f9..929fb56eb 100644
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@@ -706,6 +706,7 @@ ceph_docker_registry_auth: true
 #dashboard_protocol: http
 #dashboard_port: 8443
 #dashboard_admin_user: admin
+# This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
 #dashboard_crt: ''
@@ -716,6 +717,7 @@ ceph_docker_registry_auth: true
 node_exporter_container_image: registry.redhat.io/openshift4/ose-prometheus-node-exporter:v4.1
 #node_exporter_port: 9100
 #grafana_admin_user: admin
+# This variable must be set with a strong custom password when dashboard_enabled is True
 #grafana_admin_password: admin
 # We only need this for SSL (https) connections
 #grafana_crt: ''
diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index aaa78098d..8cba252b3 100644
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -698,7 +698,8 @@ dashboard_enabled: True
 dashboard_protocol: http
 dashboard_port: 8443
 dashboard_admin_user: admin
-dashboard_admin_password: p@ssw0rd
+# This variable must be set with a strong custom password when dashboard_enabled is True
+#dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
 dashboard_crt: ''
 dashboard_key: ''
@@ -708,7 +709,8 @@ dashboard_rgw_api_no_ssl_verify: False
 node_exporter_container_image: "prom/node-exporter:v0.17.0"
 node_exporter_port: 9100
 grafana_admin_user: admin
-grafana_admin_password: admin
+# This variable must be set with a strong custom password when dashboard_enabled is True
+#grafana_admin_password: admin
 # We only need this for SSL (https) connections
 grafana_crt: ''
 grafana_key: ''
diff --git a/roles/ceph-validate/tasks/main.yml b/roles/ceph-validate/tasks/main.yml
index f07971943..f99f9d6cf 100644
--- a/roles/ceph-validate/tasks/main.yml
+++ b/roles/ceph-validate/tasks/main.yml
@@ -205,6 +205,13 @@
       fail:
         msg: "you must add at least one node in the [grafana-server] hosts group"
       when: groups[grafana_server_group_name] | length < 1
+
+    - name: fail when dashboard_admin_password and/or grafana_admin_password are not set
+      fail:
+        msg: "you must set dashboard_admin_password and grafana_admin_password."
+      when:
+        - dashboard_admin_password is undefined
+          or grafana_admin_password is undefined
   when: dashboard_enabled | bool
 
 - name: validate container registry credentials