Applied Bank

Name: Applied Bank Password Policy Grade
Item: Applied Bank
Rating: 7
Author: PassFail.wtf Community

banking⚠ Unverified⚠ Needs re-verificationLast tested 2mo ago

73/110

66%

73/110

0 verifications

Category Breakdown

Category 1

Password Length Policy

20/20

Category 2

Character & Composition Rules

10/20

Phone number required at registration

Category 3

Multi-Factor Authentication

8/25

Forced phone-only 2FA — no authenticator app, no backup codes

Category 4

Anti-Pattern Penalties

20/20

Category 5

Password Manager Compatibility

15/15

Category 6

Breach Response & Credential Hygiene

0/10

✗

Overly restrictive character rules

Accept all printable ASCII and Unicode characters. Remove composition requirements (no "must contain uppercase + number")

Reference: NIST SP 800-63B §5.1.1

✗

Weak or missing MFA support

Implement TOTP (authenticator apps) and FIDO2/WebAuthn hardware keys. Work toward passkeys as a passwordless option

Reference: NIST SP 800-63B §4.3.1

✗

No breach detection

Check new passwords against known-breached lists (e.g. HaveIBeenPwned API). Notify users of relevant breaches

Reference: NIST SP 800-63B §5.1.1.2

Help the community by testing this policy yourself. Earn +5 karma for each verification.

No comments yet. Be the first to share your experience.