
NIST Password Best Practice Checklist


NIST, the National Institute of Standards and Technology, has established itself as an authority on security best practices, covering identity management, password protection and much more.

Web application security is essential when developing new systems.

This checklist is a brief summary of the NIST SP 800-63 guidelines. If you want the full detail, read NIST Special Publication 800-63 (the 2019 guidelines).

NIST Password Summary Checklist


Support a maximum password length of at least 64 characters, and accept all ASCII characters (including spaces) within passwords.

Minimum length: 8 characters when the password is chosen by a human and 6 characters when it is generated by the system.


Avoid password hints and knowledge-based authentication questions (such as the name of your first dog).

Avoid periodic password expiration.


Allow at least 10 failed password attempts before locking the account.

No SMS for 2FA

No SMS for 2FA (two-factor authentication).

Consider using an app like Google Authenticator.

Password Dictionaries

Check passwords against known password dictionaries (lists of common and previously breached passwords) and reject any match.
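As an added example (not code from Checkify or from NIST), the small Python module below applies the checklist items above in one place: length limits (8 characters when user-chosen, 6 when system-generated, at least 64 accepted, any ASCII character allowed, no composition rules or hints), a blocklist check against a constructed sample dictionary standing in for a real common or breached-password list, and a per-account failure counter that allows 10 attempts before a temporary lockout. The dictionary contents, the 15-minute lockout duration and the class and function names are assumptions made for this example.

```python
"""Password-policy checks modelled on the NIST SP 800-63B checklist.

Added example, not Checkify's or NIST's code. Names and values below are
assumptions chosen for illustration.
"""
import time
from dataclasses import dataclass

# Constructed sample blocklist. In production this would be a real list of
# common / breached passwords (for example a Pwned Passwords download).
COMMON_PASSWORDS = frozenset({
    "password", "123456", "qwerty", "letmein",
    "welcome1", "iloveyou", "admin123",
})

MIN_LEN_HUMAN = 8         # minimum when the user chooses the password
MIN_LEN_SYSTEM = 6        # minimum when the system generates it
MAX_LEN = 64              # the checklist says: accept at least 64 characters
MAX_FAILED_ATTEMPTS = 10  # allow at least 10 failures before lockout
LOCKOUT_SECONDS = 900     # assumed lockout duration (15 minutes)


@dataclass
class PolicyResult:
    ok: bool
    reason: str = ""


def check_password(password: str, system_generated: bool = False,
                   dictionary=COMMON_PASSWORDS) -> PolicyResult:
    """Apply the length and dictionary rules; no composition rules, no hints."""
    min_len = MIN_LEN_SYSTEM if system_generated else MIN_LEN_HUMAN
    # Length is counted in characters. Every character, including spaces,
    # is accepted; nothing here demands digits or symbols.
    if len(password) < min_len:
        return PolicyResult(False, f"shorter than {min_len} characters")
    if len(password) > MAX_LEN:
        return PolicyResult(False, f"longer than {MAX_LEN} characters")
    # Dictionary check, case-insensitive so "Password" is caught as well.
    if password.lower() in dictionary:
        return PolicyResult(False, "appears in the common/breached password list")
    return PolicyResult(True)


class FailedAttemptLimiter:
    """Per-account counter: lock after `limit` consecutive failures and clear
    the counter on success or once the lockout window has passed."""

    def __init__(self, limit=MAX_FAILED_ATTEMPTS,
                 lockout_seconds=LOCKOUT_SECONDS, clock=time.monotonic):
        self.limit = limit
        self.lockout_seconds = lockout_seconds
        self.clock = clock            # injectable for testing
        self._failures = {}           # account -> consecutive failure count
        self._locked_until = {}       # account -> clock value when lock ends

    def is_locked(self, account: str) -> bool:
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:     # lockout expired: reset the account
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def record_failure(self, account: str) -> bool:
        """Record one failed attempt; return True if it triggered a lockout."""
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.limit:
            self._locked_until[account] = self.clock() + self.lockout_seconds
            return True
        return False

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)
        self._locked_until.pop(account, None)


if __name__ == "__main__":
    for candidate in ["correct horse battery staple", "Password", "short"]:
        print(repr(candidate), check_password(candidate))
    limiter = FailedAttemptLimiter()
    for attempt in range(1, MAX_FAILED_ATTEMPTS + 1):
        locked = limiter.record_failure("alice")
        print(f"failure {attempt}: locked={locked}")
```

Two practical caveats: the 64-character maximum is a floor, so raise `MAX_LEN` if your storage allows it, but remember that bcrypt silently truncates input at 72 bytes, so either keep the limit below that or use a hash such as Argon2id; and the limiter above is in-memory and per-process, so a real deployment would keep the counters in shared storage so that every application instance sees the same failure count.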


Louise Burton-Payne

Checklist Ambassador

Digital marketing, SEO & social media are a great passion of mine. Love to be ultra organised and love checklists and to-do lists so dream situation to hybrid the two with Checkify :-) Technology can help reduce the pressure and stress of trying to remember everything. Automation saves time and reduces mistakes.
