diff --git a/docs/customization/validation_rules.md b/docs/customization/validation_rules.md index 7e9a7afdc..074009d23 100644 --- a/docs/customization/validation_rules.md +++ b/docs/customization/validation_rules.md @@ -27,7 +27,11 @@ Shield has the following rules for registration by default: ], 'password' => [ 'label' => 'Auth.password', - 'rules' => 'required|max_byte[72]|strong_password[]', + 'rules' => [ + 'required', + 'max_byte[72]', + 'strong_password[]', + ], 'errors' => [ 'max_byte' => 'Auth.errorPasswordTooLongBytes' ] @@ -98,8 +102,13 @@ Similar to the process for validation rules in the **Registration** section, you //-------------------------------------------------------------------- public $login = [ // 'username' => [ - // 'label' => 'Auth.username', - // 'rules' => 'required|max_length[30]|min_length[3]|regex_match[/\A[a-zA-Z0-9\.]+\z/]', + // 'label' => 'Auth.username', + // 'rules' => [ + // 'required', + // 'max_length[30]', + // 'min_length[3]', + // 'regex_match[/\A[a-zA-Z0-9\.]+\z/]', + // ], // ], 'email' => [ 'label' => 'Auth.email', @@ -111,7 +120,10 @@ public $login = [ ], 'password' => [ 'label' => 'Auth.password', - 'rules' => 'required|max_byte[72]', + 'rules' => [ + 'required', + 'max_byte[72]', + ], 'errors' => [ 'max_byte' => 'Auth.errorPasswordTooLongBytes', ] diff --git a/src/Commands/User.php b/src/Commands/User.php index 9a2b39c1f..4a2d1b1e1 100644 --- a/src/Commands/User.php +++ b/src/Commands/User.php @@ -13,7 +13,7 @@ use CodeIgniter\Shield\Entities\User as UserEntity; use CodeIgniter\Shield\Exceptions\UserNotFoundException; use CodeIgniter\Shield\Models\UserModel; -use CodeIgniter\Shield\Validation\RegistrationValidationRules; +use CodeIgniter\Shield\Validation\ValidationRules; use Config\Services; class User extends BaseCommand 
@@ -219,9 +219,9 @@ private function setTables(): void private function setValidationRules(): void { - $validationRules = new RegistrationValidationRules(); + $validationRules = new ValidationRules(); - $rules = $validationRules->get(); + $rules = $validationRules->getRegistrationRules(); // Remove `strong_password` because it only supports use cases // to check the user's own password. diff --git a/src/Config/Auth.php b/src/Config/Auth.php index c5e15b035..e7ad04189 100644 --- a/src/Config/Auth.php +++ b/src/Config/Auth.php @@ -203,13 +203,18 @@ class Auth extends BaseConfig * The validation rules for username * -------------------------------------------------------------------- * - * @var string[] + * Do not use string rules like `required|valid_email`. + * + * @var array|string> */ public array $usernameValidationRules = [ - 'required', - 'max_length[30]', - 'min_length[3]', - 'regex_match[/\A[a-zA-Z0-9\.]+\z/]', + 'label' => 'Auth.username', + 'rules' => [ + 'required', + 'max_length[30]', + 'min_length[3]', + 'regex_match[/\A[a-zA-Z0-9\.]+\z/]', + ], ]; /** @@ -217,12 +222,17 @@ class Auth extends BaseConfig * The validation rules for email * -------------------------------------------------------------------- * - * @var string[] + * Do not use string rules like `required|valid_email`. + * + * @var array|string> */ public array $emailValidationRules = [ - 'required', - 'max_length[254]', - 'valid_email', + 'label' => 'Auth.email', + 'rules' => [ + 'required', + 'max_length[254]', + 'valid_email', + ], ]; /** diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php index ba7efe56f..e38fa3817 100644 --- a/src/Controllers/LoginController.php +++ b/src/Controllers/LoginController.php 
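Review bot: The new docblock on `$usernameValidationRules` (and the identical one on `$emailValidationRules` in the following hunk) only says what not to write and never states the shape that is now required, even though the default changes from a flat rule list to a `label`/`rules` map. An application that overrides these properties in its own Auth config with the old flat list gets no hint that the format changed. I would add a line such as `* Must contain a 'label' string and a 'rules' list; the flat rule list used before this change is no longer supported.`, and state the reason for the string ban: `* String rules cannot be extended when registration appends its is_unique rule.`. The `Auth` class body continues outside both hunks.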
@@ -7,8 +7,8 @@ use App\Controllers\BaseController; use CodeIgniter\HTTP\RedirectResponse; use CodeIgniter\Shield\Authentication\Authenticators\Session; -use CodeIgniter\Shield\Authentication\Passwords; use CodeIgniter\Shield\Traits\Viewable; +use CodeIgniter\Shield\Validation\ValidationRules; class LoginController extends BaseController { @@ -82,23 +82,9 @@ public function loginAction(): RedirectResponse */ protected function getValidationRules(): array { - return setting('Validation.login') ?? [ - // 'username' => [ - // 'label' => 'Auth.username', - // 'rules' => config('Auth')->usernameValidationRules, - // ], - 'email' => [ - 'label' => 'Auth.email', - 'rules' => config('Auth')->emailValidationRules, - ], - 'password' => [ - 'label' => 'Auth.password', - 'rules' => 'required|' . Passwords::getMaxLengthRule(), - 'errors' => [ - 'max_byte' => 'Auth.errorPasswordTooLongBytes', - ], - ], - ]; + $rules = new ValidationRules(); + + return $rules->getLoginRules(); } /** diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php index 45ac55a43..ebdeda0ca 100644 --- a/src/Controllers/MagicLinkController.php +++ b/src/Controllers/MagicLinkController.php @@ -234,10 +234,7 @@ private function recordLoginAttempt( protected function getValidationRules(): array { return [ - 'email' => [ - 'label' => 'Auth.email', - 'rules' => config('Auth')->emailValidationRules, - ], + 'email' => config('Auth')->emailValidationRules, ]; } } diff --git a/src/Controllers/RegisterController.php b/src/Controllers/RegisterController.php index 0e49e3851..e0eea5014 100644 --- a/src/Controllers/RegisterController.php +++ b/src/Controllers/RegisterController.php @@ -14,7 +14,7 @@ use CodeIgniter\Shield\Exceptions\ValidationException; use CodeIgniter\Shield\Models\UserModel; use CodeIgniter\Shield\Traits\Viewable; -use CodeIgniter\Shield\Validation\RegistrationValidationRules; +use CodeIgniter\Shield\Validation\ValidationRules; use Psr\Log\LoggerInterface; /** 
@@ -167,8 +167,8 @@ protected function getUserEntity(): User */ protected function getValidationRules(): array { - $rules = new RegistrationValidationRules(); + $rules = new ValidationRules(); - return $rules->get(); + return $rules->getRegistrationRules(); } } diff --git a/src/Validation/RegistrationValidationRules.php b/src/Validation/RegistrationValidationRules.php deleted file mode 100644 index ca2c5a44f..000000000 --- a/src/Validation/RegistrationValidationRules.php +++ /dev/null @@ -1,59 +0,0 @@ -tables = $authConfig->tables; - } - - public function get(): array - { - $registrationUsernameRules = array_merge( - config('Auth')->usernameValidationRules, - [sprintf('is_unique[%s.username]', $this->tables['users'])] - ); - $registrationEmailRules = array_merge( - config('Auth')->emailValidationRules, - [sprintf('is_unique[%s.secret]', $this->tables['identities'])] - ); - - helper('setting'); - - return setting('Validation.registration') ?? [ - 'username' => [ - 'label' => 'Auth.username', - 'rules' => $registrationUsernameRules, - ], - 'email' => [ - 'label' => 'Auth.email', - 'rules' => $registrationEmailRules, - ], - 'password' => [ - 'label' => 'Auth.password', - 'rules' => 'required|' . Passwords::getMaxLengthRule() . '|strong_password[]', - 'errors' => [ - 'max_byte' => 'Auth.errorPasswordTooLongBytes', - ], - ], - 'password_confirm' => [ - 'label' => 'Auth.passwordConfirm', - 'rules' => 'required|matches[password]', - ], - ]; - } -} diff --git a/src/Validation/ValidationRules.php b/src/Validation/ValidationRules.php new file mode 100644 index 000000000..c0d8da438 --- /dev/null +++ b/src/Validation/ValidationRules.php 
@@ -0,0 +1,89 @@ +config = $authConfig; + $this->tables = $this->config->tables; + } + + public function getRegistrationRules(): array + { + helper('setting'); + + $setting = setting('Validation.registration'); + if ($setting !== null) { + return $setting; + } + + $usernameRules = $this->config->usernameValidationRules; + $usernameRules['rules'][] = sprintf( + 'is_unique[%s.username]', + $this->tables['users'] + ); + + $emailRules = $this->config->emailValidationRules; + $emailRules['rules'][] = sprintf( + 'is_unique[%s.secret]', + $this->tables['identities'] + ); + + $passwordRules = $this->getPasswordRules(); + $passwordRules['rules'][] = 'strong_password[]'; + + return [ + 'username' => $usernameRules, + 'email' => $emailRules, + 'password' => $passwordRules, + 'password_confirm' => $this->getPasswordConfirmRules(), + ]; + } + + public function getLoginRules(): array + { + helper('setting'); + + return setting('Validation.login') ?? [ + // 'username' => $this->config->usernameValidationRules, + 'email' => $this->config->emailValidationRules, + 'password' => $this->getPasswordRules(), + ]; + } + + public function getPasswordRules(): array + { + return [ + 'label' => 'Auth.password', + 'rules' => ['required', Passwords::getMaxLengthRule()], + 'errors' => [ + 'max_byte' => 'Auth.errorPasswordTooLongBytes', + ], + ]; + } + + public function getPasswordConfirmRules(): array + { + return [ + 'label' => 'Auth.passwordConfirm', + 'rules' => 'required|matches[password]', + ]; + } +}
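Review bot: `getRegistrationRules()` appends to `$usernameRules['rules']` and `$emailRules['rules']` without checking that the configured value actually has that shape. If `rules` is a pipe-delimited string, the `[]` append raises a PHP Error during registration; if an application still supplies the pre-change flat list, the append creates a `rules` key holding only the `is_unique` rule, and the framework will presumably validate that key alone, silently dropping `required`, the length limits and the `regex_match`/`valid_email` checks. Failing early with a clear message is safer than either outcome, and a sketch follows. Separately, `getPasswordConfirmRules()` still returns the string form `'required|matches[password]'`, which is at odds with the array form used elsewhere in this class. The class declaration and the start of the constructor are not visible in this hunk as shown.

```php
// in getRegistrationRules(), after the setting('Validation.registration') early return
$usernameRules = $this->appendRule(
    $this->config->usernameValidationRules,
    sprintf('is_unique[%s.username]', $this->tables['users']),
    'usernameValidationRules'
);
$emailRules = $this->appendRule(
    $this->config->emailValidationRules,
    sprintf('is_unique[%s.secret]', $this->tables['identities']),
    'emailValidationRules'
);
// … unchanged: password rules and the returned array …

/**
 * Appends one rule to a field definition, rejecting legacy shapes
 * (a flat list, or `rules` given as a string) instead of mis-merging them.
 */
private function appendRule(array $field, string $rule, string $property): array
{
    if (! is_array($field['rules'] ?? null)) {
        throw new \InvalidArgumentException(sprintf(
            'Auth::$%s must be an array with a "rules" list.',
            $property
        ));
    }

    $field['rules'][] = $rule;

    return $field;
}
```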