Password Policy Generator
Generate a safe password policy and rollout checklist for personal, family, business, or admin use. The tool only asks for preferences, never passwords or secrets.
Policy posture
Strict baseline
Personal policy with elevated risk and mixed 2FA.
Policy export
Copy this into your private vault or download a local text file. It contains policy choices only, not secrets.
Password policy

Safety rule: this policy was generated from preferences only. Do not add real passwords, recovery keys, backup codes, security answers, or private account details unless the file is stored inside a private vault.

Scope: Personal
Risk level: Elevated
2FA coverage: Mixed
Sharing: Some sharing
Recovery: Partial
Rotation: Breach-only

Policy:
1. Use unique passwords for every account. Minimum length: 14+ characters, or 5+ random words for memorized passphrases.
2. Store generated passwords in a private password manager. Do not store passwords in chats, email, screenshots, spreadsheets, or unencrypted notes.
3. Never reuse the password manager master password anywhere else.
4. Use passkeys, hardware keys, or authenticator apps for primary email, password manager, banking, work, device, and cloud accounts.
5. Keep recovery email, backup codes, trusted devices, and emergency access documented outside this page.
6. Rotate passwords after breach alerts, suspected compromise, password reuse, account sharing changes, employee or vendor access changes, and recovery changes.
7. Upgrade weak 2FA. Prefer passkeys, hardware keys, or authenticator apps over SMS for important accounts.
8. Share through a password manager shared vault, not copied messages. Name an owner for every shared account and remove access when it is no longer needed.
9. Verify recovery before changing critical passwords. Start with primary email, password manager, device ecosystem, banking, work, and cloud accounts.

Implementation checklist:
1. Publish the policy somewhere private and easy to find.
2. Confirm no one is asked to paste passwords, recovery keys, backup codes, security answers, or account names into policy tools.
3. Create or verify the password manager vault before changing important passwords.
4. Start with accounts that reset other accounts: email, password manager, device ecosystem, banking, work, and cloud.
5. Enable strong 2FA before removing old recovery paths.
6. Review recovery options after every critical password change.
7. Move shared credentials into shared vaults with named owners and removal dates.

Generated locally by https://passlock.to/tools/password-policy-generator
Generated policy
Use unique passwords for every account. Minimum length: 14+ characters, or 5+ random words for memorized passphrases.
Store generated passwords in a private password manager. Do not store passwords in chats, email, screenshots, spreadsheets, or unencrypted notes.
Never reuse the password manager master password anywhere else.
Use passkeys, hardware keys, or authenticator apps for primary email, password manager, banking, work, device, and cloud accounts.
Keep recovery email, backup codes, trusted devices, and emergency access documented outside this page.
Rotate passwords after breach alerts, suspected compromise, password reuse, account sharing changes, employee or vendor access changes, and recovery changes.
Upgrade weak 2FA. Prefer passkeys, hardware keys, or authenticator apps over SMS for important accounts.
Share through a password manager shared vault, not copied messages. Name an owner for every shared account and remove access when it is no longer needed.
Verify recovery before changing critical passwords. Start with primary email, password manager, device ecosystem, banking, work, and cloud accounts.
Implementation checklist
Publish the policy somewhere private and easy to find.
Confirm no one is asked to paste passwords, recovery keys, backup codes, security answers, or account names into policy tools.
Create or verify the password manager vault before changing important passwords.
Start with accounts that reset other accounts: email, password manager, device ecosystem, banking, work, and cloud.
Enable strong 2FA before removing old recovery paths.
Review recovery options after every critical password change.
Move shared credentials into shared vaults with named owners and removal dates.
Password policy FAQ
Should a password policy require symbols?
Length, uniqueness, and storage in a password manager matter more than forced symbol rules. Symbols are fine, but short passwords with symbols are still weak.
Should passwords expire on a schedule?
For most accounts, rotate after compromise, reuse, exposure, or access changes. Scheduled rotation is mainly useful for privileged shared passwords.
Is this safe to use for work?
Yes, as a planning aid, because it never needs secrets. For regulated teams, adapt the export to your internal compliance, identity, and incident-response requirements.
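An added example, not part of the Passlock tool or its export: it generates secrets that meet the policy's minimum of 14+ characters or 5+ random words, and computes entropy to quantify the FAQ's point that a short password with symbols is still weaker than a longer one without. All function names are hypothetical, DEMO_WORDS is a constructed sample list, and the default list size of 7776 words (a common five-dice word list size) is an assumption, since the page names no word list.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 characters, no symbols
PRINTABLE = ALNUM + string.punctuation         # 94 characters, symbols included
MIN_CHARS, MIN_WORDS = 14, 5                   # minimums from the generated policy

# Constructed 8-word sample so the block runs offline; far too small for real use.
DEMO_WORDS = ["anchor", "birch", "copper", "dune", "ember", "fjord", "glade", "harbor"]

def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy for `picks` independent, uniform draws from `pool_size`."""
    return picks * math.log2(pool_size)

def generate_password(length: int = MIN_CHARS, alphabet: str = ALNUM) -> str:
    """Random password; refuses lengths below the policy minimum."""
    if length < MIN_CHARS:
        raise ValueError(f"policy requires {MIN_CHARS}+ characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def generate_passphrase(wordlist, words: int = MIN_WORDS, sep: str = "-") -> str:
    """Random passphrase; every word is drawn independently with a CSPRNG."""
    if words < MIN_WORDS:
        raise ValueError(f"policy requires {MIN_WORDS}+ random words")
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("word list contains duplicates, entropy would be overstated")
    return sep.join(secrets.choice(wordlist) for _ in range(words))

def compare(wordlist_size: int = 7776) -> dict:
    """Entropy of each option, assuming every character or word is chosen at random."""
    return {
        "8 chars with symbols": entropy_bits(len(PRINTABLE), 8),
        "14 chars, no symbols": entropy_bits(len(ALNUM), MIN_CHARS),
        "5 random words": entropy_bits(wordlist_size, MIN_WORDS),
    }

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:22s} {bits:5.1f} bits")
    print(generate_password())
    print(generate_passphrase(DEMO_WORDS))
```

These figures hold only for randomly generated secrets; a human-chosen password of the same length carries less entropy than the calculation suggests.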
Passlock for Mac · $14 lifetime
Done. Now lock it down for real.
The browser is fine for one-off checks. The app keeps your passwords, passkeys, and notes locked behind your Mac — offline by default, no cloud account, no subscription.
- Master lock for your whole vault: Lock everything behind one Mac-native gate when you step away.
- 4 lock types, including Touch ID & passkeys: Pick the unlock method per item: password, Touch ID, passkey, or master.
- Offline & native macOS Keychain: No subscription, no cloud account, no sync server reading your secrets.