Password Length Policy
8–128 chars — excellent range
Character & Composition Rules
Multi-Factor Authentication
Supports authenticator apps
Anti-Pattern Penalties
Password Manager Compatibility
Breach Response & Credential Hygiene
No breach detection
Check new passwords against known-breached lists (e.g. HaveIBeenPwned API). Notify users of relevant breaches
Reference: NIST SP 800-63B §5.1.1.2
Help the community by testing this policy yourself. Earn +5 karma for each verification.