diff --git a/src/main/java/org/gachon/checkmate/domain/member/service/MemberService.java b/src/main/java/org/gachon/checkmate/domain/member/service/MemberService.java
index 9b04e18..0a595e6 100644
--- a/src/main/java/org/gachon/checkmate/domain/member/service/MemberService.java
+++ b/src/main/java/org/gachon/checkmate/domain/member/service/MemberService.java
@@ -13,8 +13,10 @@
 import org.gachon.checkmate.global.config.mail.MailProvider;
 import org.gachon.checkmate.global.error.exception.ConflictException;
 import org.gachon.checkmate.global.error.exception.EntityNotFoundException;
+import org.gachon.checkmate.global.error.exception.InvalidValueException;
 import org.gachon.checkmate.global.error.exception.UnauthorizedException;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import java.util.regex.Pattern;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -32,6 +34,7 @@ public class MemberService {
 private final PasswordEncoder passwordEncoder;
 private final UserRepository userRepository;
 private final RefreshTokenRepository refreshTokenRepository;
+ private static final String PASSWORD_REGEX = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[@$!%*?&])[A-Za-z\\d@$!%*?&]{8,20}$";
 public EmailResponseDto sendMail(EmailPostRequestDto emailPostRequestDto) {
 checkDuplicateEmail(emailPostRequestDto.email());
@@ -40,6 +43,7 @@ public EmailResponseDto sendMail(EmailPostRequestDto emailPostRequestDto) {
 }
 public MemberSignUpResponseDto signUp(MemberSignUpRequestDto memberSignUpRequestDto) {
+ validatePassword(memberSignUpRequestDto.password());
 Long newMemberId = createMember(memberSignUpRequestDto);
 String accessToken = issueNewAccessToken(newMemberId);
 String refreshToken = issueNewRefreshToken(newMemberId);
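Review bot: The policy in `PASSWORD_REGEX` (MemberService.java, hunk at -32,6) caps passwords at 20 characters and accepts only letters, digits and `@$!%*?&`, so a longer passphrase or a password containing any other symbol is rejected. The value is presumably hashed through the `PasswordEncoder` field before storage, so a cap this low is not needed for storage and mainly narrows what users may choose; consider ending the pattern with `.{8,64}$` instead of the closing whitelist class, and updating the `INVALID_PASSWORD` message to match. Separately, `Pattern.matches` recompiles the expression on every call, so a `private static final Pattern PASSWORD_PATTERN = Pattern.compile(...)` constant would be the idiomatic form. The class body continues outside the hunk.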
@@ -71,6 +75,12 @@ public MypageResponseDto getMypage(Long userId) {
 );
 }
+ private void validatePassword(String password) {
+ if (!Pattern.matches(PASSWORD_REGEX, password)) {
+ throw new InvalidValueException(INVALID_PASSWORD);
+ }
+ }
+
 private User findByIdOrThrow(Long userId) {
 return userRepository.findById(userId)
 .orElseThrow(() -> new EntityNotFoundException(USER_NOT_FOUND));
@@ -78,7 +88,7 @@ private User findByIdOrThrow(Long userId) {
 private void validatePassword(String enteredPassword, String storedPassword) {
 if (!authenticatePassword(enteredPassword, storedPassword)) {
- throw new UnauthorizedException(INVALID_PASSWORD);
+ throw new UnauthorizedException(NOT_MATCH_PASSWORD);
 }
 }
diff --git a/src/main/java/org/gachon/checkmate/global/error/ErrorCode.java b/src/main/java/org/gachon/checkmate/global/error/ErrorCode.java
index b4694f2..f35f849 100644
--- a/src/main/java/org/gachon/checkmate/global/error/ErrorCode.java
+++ b/src/main/java/org/gachon/checkmate/global/error/ErrorCode.java
@@ -14,6 +14,7 @@ public enum ErrorCode {
 BAD_REQUEST(HttpStatus.BAD_REQUEST, "잘못된 요청입니다."),
 INVALID_ENUM_CODE(HttpStatus.BAD_REQUEST, "잘못된 Enum class code 입니다."),
 INVALID_PAGING_SIZE(HttpStatus.BAD_REQUEST, "잘못된 Paging 크기입니다."),
+ INVALID_PASSWORD(HttpStatus.BAD_REQUEST, "비밀번호는 8~20자 대소문자 영문, 숫자, 특수문자의 조합이어야 합니다."),
 /**
 * 401 Unauthorized
@@ -26,7 +27,7 @@ public enum ErrorCode {
 INVALID_REFRESH_TOKEN_VALUE(HttpStatus.UNAUTHORIZED, "리프레시 토큰의 값이 올바르지 않습니다."),
 EXPIRED_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "리프레시 토큰이 만료되었습니다. 다시 로그인해 주세요."),
 NOT_MATCH_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "일치하지 않는 리프레시 토큰입니다."),
- INVALID_PASSWORD(HttpStatus.UNAUTHORIZED, "비밀번호가 일치하지 않습니다."),
+ NOT_MATCH_PASSWORD(HttpStatus.UNAUTHORIZED, "비밀번호가 일치하지 않습니다."),
 /**
 * 403 Forbidden
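Review bot: A null `password` reaches `Pattern.matches` in the new `validatePassword(String password)` and raises a NullPointerException instead of `InvalidValueException`, unless the request DTO already rejects null, which is not visible in this diff. Guarding it keeps the failure on the intended error path: `if (password == null || !Pattern.matches(PASSWORD_REGEX, password)) {`. The method also overloads the existing `validatePassword(String, String)`, which checks a credential match rather than the format rule; a distinct name such as `validatePasswordFormat` would keep the two from being confused at call sites.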
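Review bot: Reusing the name `INVALID_PASSWORD` for the new 400 format error in ErrorCode.java, while the old 401 constant becomes `NOT_MATCH_PASSWORD` in the hunk at -26,7, means any caller outside this diff that still references `INVALID_PASSWORD` keeps compiling but now returns a different status and message. Only the use in `MemberService.validatePassword(String, String)` is updated here, so other usages should be searched for, or the new constant given a fresh name such as `INVALID_PASSWORD_FORMAT`. The message also does not say which special characters are accepted, although the regex allows only `@$!%*?&`. The enum body continues outside the hunk.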