The US National Institute of Standards and Technology (NIST) released updated guidance regarding authentication systems in 2017, which includes new recommendations for password complexity and non-password authentication systems. This document reviews the NIST guidelines and offers practical guidelines to IT organizations and (separately) to application developers.

Password guidelines are a subset of NIST Special Publication 800-63 (Revision 3): Digital Identity Guidelines.

Different audiences

Organizations that use systems or applications must deploy and support that software as it exists, not as they wish it performed. As such, only a subset of the NIST rules applies: those that do not require changes to the underlying software or service.

On the other hand, organizations that develop software can attempt to comply with a broader range of recommendations.

This document has separate sections for application developers versus the IT organizations that deploy and support applications.
