diff --git a/packages/next/src/views/Edit/Default/Auth/index.tsx b/packages/next/src/views/Edit/Default/Auth/index.tsx
index 7bfaf2a0a8..d15b37afb0 100644
--- a/packages/next/src/views/Edit/Default/Auth/index.tsx
+++ b/packages/next/src/views/Edit/Default/Auth/index.tsx
@@ -149,8 +149,10 @@ export const Auth: React.FC<Props> = (props) => {
           {(showPasswordFields || requirePassword) && (
             <div className={`${baseClass}__changing-password`}>
               <PasswordField
+                autoComplete="new-password"
                 field={{
                   name: 'password',
+                  _path: 'password',
                   admin: {
                     disabled,
                   },
diff --git a/packages/next/src/views/Edit/Default/index.tsx b/packages/next/src/views/Edit/Default/index.tsx
index b95af6eecb..980877ca84 100644
--- a/packages/next/src/views/Edit/Default/index.tsx
+++ b/packages/next/src/views/Edit/Default/index.tsx
@@ -98,14 +98,18 @@ export const DefaultEditView: React.FC = () => {
   if (globalSlug) classes.push(`global-edit--${globalSlug}`)
   if (collectionSlug) classes.push(`collection-edit--${collectionSlug}`)
 
-  const [schemaPath, setSchemaPath] = React.useState(entitySlug)
+  const [schemaPath, setSchemaPath] = React.useState(() => {
+    if (operation === 'create' && auth && !auth.disableLocalStrategy) {
+      return `_${entitySlug}.auth`
+    }
+
+    return entitySlug
+  })
   const [validateBeforeSubmit, setValidateBeforeSubmit] = useState(() => {
-    if (
-      operation === 'create' &&
-      collectionConfig.auth &&
-      !collectionConfig.auth.disableLocalStrategy
-    )
+    if (operation === 'create' && auth && !auth.disableLocalStrategy) {
       return true
+    }
+
     return false
   })
 
diff --git a/test/auth/e2e.spec.ts b/test/auth/e2e.spec.ts
index db3c7f2aad..514489fbbd 100644
--- a/test/auth/e2e.spec.ts
+++ b/test/auth/e2e.spec.ts
@@ -120,7 +120,7 @@ describe('auth', () => {
     await ensureCompilationIsDone({ page, serverURL })
   })
 
-  describe('authenticated users', () => {
+  describe('passwords', () => {
     beforeAll(() => {
       url = new AdminUrlUtil(serverURL, slug)
     })
@@ -155,6 +155,29 @@ describe('auth', () => {
       await expect(page.locator('#field-email')).toHaveValue(emailBeforeSave)
     })
 
+    test('should prevent new user creation without confirm password', async () => {
+      await page.goto(url.create)
+      await page.locator('#field-email').fill('dev2@payloadcms.com')
+      await page.locator('#field-password').fill('password')
+      // should fail to save without confirm password
+      await page.locator('#action-save').click()
+      await expect(
+        page.locator('.field-type.confirm-password .tooltip--show', {
+          hasText: exactText('This field is required.'),
+        }),
+      ).toBeVisible()
+
+      // should succeed with matching confirm password
+      await page.locator('#field-confirm-password').fill('password')
+      await saveDocAndAssert(page, '#action-save')
+    })
+  })
+
+  describe('authenticated users', () => {
+    beforeAll(() => {
+      url = new AdminUrlUtil(serverURL, slug)
+    })
+
     test('should have up-to-date user in `useAuth` hook', async () => {
       await page.goto(url.account)
       await page.waitForURL(url.account)