diff --git a/packages/shared/src/__tests__/password-policy.test.ts b/packages/shared/src/__tests__/password-policy.test.ts
index eba7f86..71dfee5 100644
--- a/packages/shared/src/__tests__/password-policy.test.ts
+++ b/packages/shared/src/__tests__/password-policy.test.ts
@@ -6,13 +6,13 @@ describe("checkPasswordPolicy", () => {
     it("rejects passwords shorter than 12 chars", () => {
       const result = checkPasswordPolicy("short1!");
       expect(result.ok).toBe(false);
-      expect(result.reason).toMatch(/at least 12/i);
+      if (!result.ok) expect(result.reason).toMatch(/at least 12/i);
     });
 
     it("rejects passwords longer than 128 chars", () => {
       const result = checkPasswordPolicy("A".repeat(129));
       expect(result.ok).toBe(false);
-      expect(result.reason).toMatch(/no more than 128/i);
+      if (!result.ok) expect(result.reason).toMatch(/no more than 128/i);
     });
 
     it("accepts passwords at the lower bound that pass other checks", () => {
@@ -25,25 +25,25 @@ describe("checkPasswordPolicy", () => {
     it("rejects single char repeated", () => {
       const result = checkPasswordPolicy("aaaaaaaaaaaa");
       expect(result.ok).toBe(false);
-      expect(result.reason).toMatch(/single character/i);
+      if (!result.ok) expect(result.reason).toMatch(/single character/i);
     });
 
     it("rejects short patterns repeated", () => {
       const result = checkPasswordPolicy("abcabcabcabc");
       expect(result.ok).toBe(false);
-      expect(result.reason).toMatch(/short pattern/i);
+      if (!result.ok) expect(result.reason).toMatch(/short pattern/i);
     });
 
     it("rejects '1212121212121212' (2-char pattern repeated)", () => {
       const result = checkPasswordPolicy("1212121212121212");
       expect(result.ok).toBe(false);
-      expect(result.reason).toMatch(/short pattern/i);
+      if (!result.ok) expect(result.reason).toMatch(/short pattern/i);
     });
 
     it("rejects keyboard sequences like 'abcdefghijkl'", () => {
       const result = checkPasswordPolicy("abcdefghijkl");
       expect(result.ok).toBe(false);
-      expect(result.reason).toMatch(/sequence/i);
+      if (!result.ok) expect(result.reason).toMatch(/sequence/i);
     });
 
     it("rejects numeric runs like '1234567890ab'", () => {
@@ -57,13 +57,13 @@ describe("checkPasswordPolicy", () => {
     it("rejects 'PasswordPassword' (case-insensitive)", () => {
       const result = checkPasswordPolicy("PasswordPassword");
       expect(result.ok).toBe(false);
-      expect(result.reason).toMatch(/commonly used/i);
+      if (!result.ok) expect(result.reason).toMatch(/commonly used/i);
     });
 
     it("rejects 'Welcome2026!' seasonal password", () => {
       const result = checkPasswordPolicy("Welcome2026!");
       expect(result.ok).toBe(false);
-      expect(result.reason).toMatch(/commonly used/i);
+      if (!result.ok) expect(result.reason).toMatch(/commonly used/i);
     });
 
     it("rejects 'Summer2025!' regardless of case", () => {
@@ -78,7 +78,7 @@ describe("checkPasswordPolicy", () => {
         email: "hartmut@example.com",
       });
       expect(result.ok).toBe(false);
-      expect(result.reason).toMatch(/email or name/i);
+      if (!result.ok) expect(result.reason).toMatch(/email or name/i);
     });
 
     it("rejects passwords containing the user name", () => {
@@ -86,7 +86,7 @@ describe("checkPasswordPolicy", () => {
         name: "Hartmut Noerenberg",
       });
       expect(result.ok).toBe(false);
-      expect(result.reason).toMatch(/email or name/i);
+      if (!result.ok) expect(result.reason).toMatch(/email or name/i);
     });
 
     it("ignores short email locals to avoid false positives", () => {