Chase

Name: Chase Password Policy Grade
Item: Chase
Rating: 7
Author: PassFail.wtf Community

banking⚠ Unverified⚠ Needs re-verificationLast tested 2mo ago

73/110

66%

73/110

0 verifications

Category Breakdown

Category 1

Password Length Policy

10/20

8–20 char range

Category 2

Character & Composition Rules

10/20

Username requires a number (pointless composition rule)

Category 3

Multi-Factor Authentication

18/25

Supports 2FA

Category 4

Anti-Pattern Penalties

20/20

Category 5

Password Manager Compatibility

15/15

Category 6

Breach Response & Credential Hygiene

0/10

✗

Password length restrictions are too tight

Allow minimum 8 chars, support up to at least 64 characters (preferably unlimited)

Reference: NIST SP 800-63B §5.1.1

✗

Overly restrictive character rules

Accept all printable ASCII and Unicode characters. Remove composition requirements (no "must contain uppercase + number")

Reference: NIST SP 800-63B §5.1.1

✗

No breach detection

Check new passwords against known-breached lists (e.g. HaveIBeenPwned API). Notify users of relevant breaches

Reference: NIST SP 800-63B §5.1.1.2

Help the community by testing this policy yourself. Earn +5 karma for each verification.

No comments yet. Be the first to share your experience.