Web Application Security: Passwords Checklist

2 Min Read
There are no headings in this document.
Web Application Security: Passwords Checklist

Web Application Security: Passwords Checklist is a guide to enforcing strong password policy and security best practices with your applications.

Ready to dive in?
Start Your Free Trial Today

Web applications require multiple layers of security and passwords still play an important role when securing your web application.

Web Application Security: Passwords Checklist

Enforcing strong password policy and security best practices.
Minimum Password Length

Set a minimum password length of 12 characters.

Maximum Password Length

Allow users to use passwords with 64 characters or more.

Change Passwords

Allow users to change their passwords.

Allow Two-Factor Authentication Applications

Allow users to setup Two-Factor Authenticator (2FA) applications to prove a second stage of security. Do not use SMS/Txt based 2FA systems.

Example: Google Authenticator (Android or iOS)

Complexity Match Passwords

Require users to set passwords to a complexity match which at least has all of the following criteria: Uppercase, Lowercase, Numbers, and Symbols.

Store Password Using a Strong Hashing Algorithm

When storing password at rest, use strong one-way hashing algorithm/scheme along with a randomly generated salt per password.

Use Full Unicode Characters

Allow users to use the full Unicode character set.

Password Check

Verify that the password registered or updated by my users aren’t using a password found in the top 1,000 (or 10,000) breached passwords.

Password Strength Meter

Display to the user a “password strength meter” showing them the strength or their passwords. This provides the user feedback around the strength of their passwords.


– Don’t force users to periodically rotate/change their passwords
– Allow users to paste, use the browsers password helper, and user password managers while using my application

Passwords checklist has been submitted to us by Geekmasher based on the NIST 800-63 standards.

Frequently asked questions
Looking for more info? Here are some things we're commonly asked
  • Why is a Checklist Important?

    Does the running of your business include several repetitive tasks? If there’s no guidance or procedure in place, it’s possible for some of the steps in the process to get forgotten. This is why checklists are important.

    People get distracted, and when something gets forgotten, it’s much harder to recover than if they’d completed the task right in the first place.

    Guidance every step of the way makes sure something is completed perfectly every time.

    Read More: Why is a Checklist Important?

  • Checklist To Reduce Mistakes

    We all carry enormous knowledge and experience that we want to apply effectively, but we are all prone to make mistakes. There’s only so much we can store in our heads without forgetting something. How to maximise our use of knowledge?

    The simple answer to this problem is to use checklists.

    Read More:  Power Of A Simple Checklist To Reduce Mistakes

  • What types of checklist are there?

    How many types of checklists are there? Two. What are the two types of checklists? Read-Do and Do-Confirm checklists are about how you use checklists.

    Read More: Types of checklist: What are the two most powerful Checklist Types?

  • Checklist Software

    A checklist is a way to document each step needed to complete a task. A detailed set of instructions, a guide of how something is done. 

    Checklist software allows you to document every step of a process to be used over and over again.

    Read More: Checklist Software

Yep, like every other website we also use
delicious cookies to track you.