Password Policy Tester
Score your password policy against NIST, CIS & Microsoft
How does the Password Policy Tester work?
Enter your organisation’s password policy settings — minimum length, complexity rules, expiry period, lockout threshold, and MFA status. The tool scores your policy 0–100 and compares it against four industry standards.
What standards does it compare against?
NIST 800-63B, CIS Controls v8, Microsoft’s own recommendations, and the Australian Essential Eight. Each standard takes a different approach to password security.
Why does NIST recommend against forced password expiry?
Research shows forced expiry leads users to choose weaker passwords and make predictable changes (Password1 → Password2). NIST recommends longer passwords without expiry, combined with MFA.
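The NIST comparison can be written as a handful of rule checks. The sketch below is an added example, not the tool's own scoring code: it reports findings against NIST SP 800-63B Rev. 3 rather than a 0–100 score, and the field names and sample policies are assumptions modelled on the settings listed above.

```javascript
// Added example: checks a policy against NIST SP 800-63B Rev. 3 guidance only.
// Field names are assumptions mirroring the settings the page lists.
function checkAgainstNist(policy) {
  const findings = [];
  const add = (setting, level, message) => findings.push({ setting, level, message });

  if (!Number.isInteger(policy.minLength) || policy.minLength < 8) {
    add("minLength", "fail", "User-chosen passwords must be at least 8 characters.");
  }
  if (policy.requireComplexity) {
    add("requireComplexity", "warn", "Composition rules are discouraged; favour length.");
  }
  // expiryDays of 0, null or undefined means passwords never expire.
  if (policy.expiryDays > 0) {
    add("expiryDays", "warn", "Periodic expiry is discouraged; change on evidence of compromise.");
  }
  // lockoutThreshold of 0, null or undefined means failed attempts are unlimited.
  if (!(policy.lockoutThreshold > 0)) {
    add("lockoutThreshold", "fail", "Failed attempts must be limited.");
  } else if (policy.lockoutThreshold > 100) {
    add("lockoutThreshold", "fail", "Allow at most 100 consecutive failures per account.");
  }
  if (!policy.mfaEnabled) {
    add("mfaEnabled", "warn", "A password alone reaches AAL1 at most; add MFA.");
  }
  return findings;
}

// Constructed sample policies (not taken from any real organisation).
const legacyPolicy = { minLength: 8, requireComplexity: true, expiryDays: 90, lockoutThreshold: 5, mfaEnabled: false };
const modernPolicy = { minLength: 14, requireComplexity: false, expiryDays: 0, lockoutThreshold: 10, mfaEnabled: true };

for (const [name, policy] of Object.entries({ legacyPolicy, modernPolicy })) {
  const findings = checkAgainstNist(policy);
  console.log(name, findings.length ? findings : "no findings");
}
```

The legacy policy passes the hard requirements but draws three warnings, which is the pattern the answer above describes: complexity and expiry rules add friction without the benefit that length and MFA provide.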
Can I see how changing one setting affects my score?
Yes! Adjust any slider or toggle and see the score update in real time. This helps you prioritise which policy changes will have the biggest security impact.
Does this send my policy details anywhere?
No. Everything runs 100% in your browser. No data is sent to any server. Your policy settings never leave your device.
Is this tool still being improved?
Yes! This is V1 and we’d love your feedback. Visit our feedback page to suggest improvements.