Essential cookies only — Cookie Policy.
Generate strong work passwords and a ready-to-copy policy paragraph for your staff handbook. Live compliance indicators for Cyber Essentials, NCSC, and NIST SP 800-63B — no IT consultant required.
Live indicator checks your password settings against the Cyber Essentials technical requirements — no guesswork at assessment time.
Copy a ready-made staff handbook paragraph, pre-configured to your settings, that documents your password policy for Cyber Essentials evidence purposes.
Standard, Admin, Cloud, and Remote Access presets with appropriate length defaults for each account type — matching the threat level of each.
All generation uses crypto.getRandomValues(). Nothing transmitted. Suitable for generating credentials before adding to your business password manager.
| Standard | Min length | Complexity | Rotation | MFA |
|---|---|---|---|---|
| Cyber Essentials | Not specified (8+ recommended) | Not easily guessable | On compromise only | Required for cloud/remote |
| NCSC Small Business | 8+ standard, 14+ admin | Generated preferred | On compromise only | Strongly recommended |
| NIST SP 800-63B 2025 | 15 characters | No mandatory complexity | On compromise only | Required at AAL2+ |
| ISO 27001:2022 | Policy-defined | Policy-defined | Risk-based | Recommended for privileged |
| Work Password (default) | 16 standard / 20 admin | All 4 character classes | On compromise only | Implement separately |
Pre-configure credentials for new employees before day one. Generate work passwords, prepare MFA setup instructions, and add them to your password manager — all aligned with Cyber Essentials onboarding requirements.
Found policy violations in your last compliance audit? Use the Policy Builder to generate replacement credentials that meet Cyber Essentials standards, then update your policy paragraph for the re-assessment. Document the fix.
Generate a compliance-ready password security clause for your vendor contracts and supplier agreements. Includes Cyber Essentials requirements, MFA obligations, notification timelines, and off-boarding terms.
Open-source, independently audited. ~£5/user/month. Central admin console, shared collections, audit logging, and off-boarding workflows. Cyber Essentials compatible when configured with MFA.
Try Bitwarden →Polished UI with excellent onboarding for non-technical teams. ~£7.50/user/month. Emergency Kit provides documented recovery process. Strong audit and access control features.
Try 1Password →The NCSC's free Cyber Essentials self-assessment tool and guidance documents — the definitive reference for UK SME security requirements. Start here before paying for assessment.
Cyber Essentials guide →Rachel Morris is an hobbyist with a keen interest in password security and online safety who has helped over 80 UK SMEs achieve Cyber Essentials and Cyber Essentials Plus certification. Her work focuses on making security requirements accessible to businesses without a dedicated IT security function — translating technical requirements into practical, cost-effective implementations.
All content aligns with the NCSC Small Business Guide, Cyber Essentials scheme, and NIST SP 800-63B 2025.
About Rachel Morris →Specialist tools for every audience.