Password validation has been a fairly often requested example. Axure can actually do this fairly easily and quite well. The trick is to treat the password validation as a series of conditions that if not met (or failed) means the password is invalid/bad. If you make it through all of these conditions without failing then the password is valid/good.
Here is what a pretty thorough password validation check will look like. I know it can look pretty intimidating at first, but if we go through it Case by Case it is actually fairly straightforward.
See It Live: Password Validation
RP File: PasswordValidation.rp (56.2 KB)
1. Excluded Characters (Spaces)
Fail: if the password text contains " " or any other characters that are not allowed (often certain symbols are exempted for technical or backend reasons).
Fail: if password length is less than 8 characters (or any length required). You can also check and fail is the password is too long here (e.g. greater than 20).
3 & 4. Upper/Lower Case Character
Fail: if password does not contain an upper and lower case character. What is great about these 2 cases, we don't have to check for alpha characters anymore, by ensuring we have an upper and lower case character we have also by definition ensured that we have an alpha character.
5. Number Character
Fail: if the password does not contain one character [0-9].
(This is the most intimidating Condition, I almost left it out because without it, the validation is still pretty good it just means a few passwords would sneak through where the user gets everything else correct, but no number. I think most people will try to type the number before the symbol character though, you can decide if the perfect validation or simplicity of leaving this one off is more important for you.)
6. Symbol Character
Fail: if the password is alpha-numeric, this means it only contains letters and numbers and doesn't have a symbol yet.
7. Success (Valid Password)
Success: none of our Fail conditions were met, that means we have a good password!
I think this should definitely cover any password validation needed for the prototype level. I would be surprised if there were many better password validators out there in the wild. But, let me know if I missed anything or you notice any holes in the validation.
*One final note, I choose to do this as you type your password. But you could easily check on a Button Shape OnClick or something similar.