Password Length Policy
50 char max — decent but could allow more
Character & Composition Rules
Multi-Factor Authentication
Authenticator app supported
Anti-Pattern Penalties
Password Manager Compatibility
Breach Response & Credential Hygiene
No breach detection
Check new passwords against known-breached lists (e.g. HaveIBeenPwned API). Notify users of relevant breaches
Reference: NIST SP 800-63B §5.1.1.2
Help the community by testing this policy yourself. Earn +5 karma for each verification.