public cyber tool / teams / browser-side

Password Policy Checker

Do not enter real passwords. Review the rules you ask users to follow and generate random passwords locally in the browser with progressive profiles.

score --password-policy --generate local analysis / no remote fetch

score --password-policy --generate

minimum length maximum length

MFA / 2FA compromised-password check password manager and paste allowed spaces/passphrases allowed mandatory complexity forced periodic rotation

random password generator

Local generation with Web Crypto. Xyrrathos targets about 250 bits of estimated entropy with more characters and recursive mixing, not a claim that the password itself is encrypted.

Xyrrathos note: a profile forged under the sign of the Master of the Forge, from Tales of Xdripia. In this tool it marks the most extreme level: long, local, random, meant for password managers and critical accounts.

level generated password

What really matters

Length, MFA and compromised-password checks matter more than hard-to-remember complexity rules.

A well-generated password is not “encrypted”: it is unpredictable. Xyrrathos uses local cryptographic randomness, more length and recursive mixing to reach about 250 bits of estimated entropy.

Lore note: Xyrrathos is the Master of the Forge profile from Tales of Xdripia. The name is narrative; operational safety still comes from entropy, local generation and storage in a password manager.

Forced periodic rotation can worsen behavior when there is no evidence of compromise.

Allowing password managers, paste and long passphrases improves both security and usability.

references

NIST SP 800-63B OWASP Authentication Cheat Sheet