NIST Password Best Practice Checklist


NIST, the National Institute of Standards and Technology, has established itself as an authority on best practices for security, securing identities, password protection, and much more.


When developing new systems, web application security is essential.

This is a brief summary of the 800-63 guidelines in checklist form. If you want to read the full guidelines, see the NIST Special Publication 800-63 guidelines for 2019.


Support a maximum password length of at least 64 characters, and allow all ASCII characters within the password.

Minimum characters: 8 when set by a human and 6 when created by a system.


Avoid password hints and knowledge-based authentication, such as the name of your first dog.

Avoid password expiration periods.


Allow a minimum of 10 password attempts before lockout

No SMS for 2FA

Do not use SMS for 2FA (two-factor authentication).

Consider using an app like Google Authenticator.

Password Dictionaries

Check password against known password dictionaries.
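
The length, dictionary and lockout items above can be enforced in code. The following Python is an added example, not part of the original page or of NIST's text; the names `check_password`, `AttemptTracker` and the tiny `KNOWN_PASSWORDS` set are assumptions made for illustration, and the dictionary entries are constructed sample data.

```python
MIN_HUMAN = 8        # checklist: minimum when set by a human
MIN_SYSTEM = 6       # checklist: minimum when created by a system
MAX_SUPPORTED = 64   # checklist: must support at least this many characters
LOCKOUT_AFTER = 10   # checklist: failed attempts allowed before lockout

# Constructed sample; a real deployment loads a large known-password list.
KNOWN_PASSWORDS = {"password", "12345678", "qwertyuiop", "letmein123"}

def check_password(candidate, system_generated=False, max_length=MAX_SUPPORTED):
    """Return a list of policy violations; an empty list means accepted."""
    if max_length < MAX_SUPPORTED:
        raise ValueError("configured maximum must be at least 64 characters")
    problems = []
    minimum = MIN_SYSTEM if system_generated else MIN_HUMAN
    if len(candidate) < minimum:
        problems.append(f"shorter than {minimum} characters")
    if len(candidate) > max_length:
        problems.append(f"longer than {max_length} characters")
    # No character-class filter: every ASCII character, spaces included, is allowed.
    # Compare case-insensitively so "Password" does not slip past the list.
    if candidate.lower() in KNOWN_PASSWORDS:
        problems.append("found in known-password dictionary")
    return problems

class AttemptTracker:
    """Counts consecutive failures per account; locks after LOCKOUT_AFTER."""
    def __init__(self):
        self.failures = {}

    def is_locked(self, account):
        return self.failures.get(account, 0) >= LOCKOUT_AFTER

    def record(self, account, success):
        """Record one login attempt; return True if the account is now locked."""
        if self.is_locked(account):
            return True
        if success:
            self.failures.pop(account, None)  # a good login resets the count
            return False
        self.failures[account] = self.failures.get(account, 0) + 1
        return self.is_locked(account)
```
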

NIST has played a large part in planning CMMC compliance.

Frequently asked questions
Looking for more info? Here are some things we're commonly asked
  • Why is a Checklist Important?

    Does the running of your business include several repetitive tasks? If there’s no guidance or procedure in place, it’s possible for some of the steps in the process to get forgotten. This is why checklists are important.

    People get distracted, and when something gets forgotten, it’s much harder to recover than if they’d completed the task right in the first place.

    Guidance every step of the way makes sure something is completed perfectly every time.


  • Checklist To Reduce Mistakes

    We all carry enormous knowledge and experience that we want to apply effectively, but we are all prone to making mistakes. There’s only so much we can store in our heads without forgetting something. How can we maximise our use of knowledge?

    The simple answer to this problem is to use checklists.


  • What types of checklist are there?

    How many types of checklists are there? Two: Read-Do and Do-Confirm. The two types differ in how you use the checklist.


  • Checklist Software

    A checklist is a way to document each step needed to complete a task: a detailed set of instructions, a guide to how something is done.

    Checklist software allows you to document every step of a process to be used over and over again.
