Web Application Security: Passwords Checklist

Web Application Security: Passwords Checklist is a guide to enforcing strong password policy and security best practices with your applications.

Web applications require multiple layers of security and passwords still play an important role when securing your web application.

Web Application Security: Passwords Checklist

Minimum Password Length

Set a minimum password length of 12 characters.

Maximum Password Length

Allow users to use passwords with 64 characters or more.

Change Passwords

Allow users to change their passwords.

Allow Two-Factor Authentication Applications

Allow users to setup Two-Factor Authenticator (2FA) applications to prove a second stage of security. Do not use SMS/Txt based 2FA systems.

Example: Google Authenticator (Android or iOS)

Complexity Match Passwords

Require users to set passwords to a complexity match which at least has all of the following criteria: Uppercase, Lowercase, Numbers, and Symbols.

Store Password Using a Strong Hashing Algorithm

When storing password at rest, use strong one-way hashing algorithm/scheme along with a randomly generated salt per password.

Use Full Unicode Characters

Allow users to use the full Unicode character set.

Password Check

Verify that the password registered or updated by my users aren’t using a password found in the top 1,000 (or 10,000) breached passwords.

Password Strength Meter

Display to the user a “password strength meter” showing them the strength or their passwords. This provides the user feedback around the strength of their passwords.

NOTES:

– Don’t force users to periodically rotate/change their passwords
– Allow users to paste, use the browsers password helper, and user password managers while using my application

Passwords checklist has been submitted to us by Geekmasher based on the NIST 800-63 standards.

Related Checklists

NIST Password Best Practice Checklist

NIST or National Institute of Standards and Technology has established itself as a authority figure for best practices on security

View Checklist »

Password Protection Checklist: Protect Your Data

Protect data with password protection on all your devices, laptops, computers, tablets and smartphones

View Checklist »

Web Application Security: Passwords Checklist

Web Application Security: Passwords Checklist is a guide to enforcing strong password policy and security best practices with your applications.

View Checklist »

Digital marking, SEO & social media are a great passion of mine. Love to be ultra organised and love checklists and to-do lists so dream situation to hybrid the two with Checkify :-) Technology can help reduce the pressure and stress of trying to remember everything. Automation saves time and reduces mistakes.

Web Application Security: Passwords Checklist

Web Application Security: Passwords Checklist

Minimum Password Length

Maximum Password Length

Change Passwords

Allow Two-Factor Authentication Applications

Complexity Match Passwords

Store Password Using a Strong Hashing Algorithm

Use Full Unicode Characters

Password Check

Password Strength Meter

Related Checklists

NIST Password Best Practice Checklist

Password Protection Checklist: Protect Your Data

Web Application Security: Passwords Checklist

Louise Burton-Payne

Leave a Reply Cancel reply

Team Checklists Made Easy

Getting Started

Support

Company