Skip to main content
Premium project

Bad Passwords and the NIST Guidelines

Check what passwords fail to conform to the National Institute of Standards and Technology password guidelines.

Start Project
9 Tasks1,500 XP

Loved by learners at thousands of companies

Project Description

Almost every web service you join will require you to come up with a password. But what makes a good password? In June 2017 the National Institute of Standards and Technology (NIST) published publication 800-63B titled Digital Identity Guidelines: Authentication and Lifecycle Management. This publication doesn't tell you what is a good password, but it does have specific rules for what is a bad password.

In this project, you will take a list of user passwords and, using publication 800-63B, you will write code that automatically detects and flags the bad passwords.

Project Tasks

  1. 1
    The NIST Special Publication 800-63B
  2. 2
    Passwords should not be too short
  3. 3
    Common passwords people use
  4. 4
    Passwords should not be common passwords
  5. 5
    Passwords should not be common words
  6. 6
    Passwords should not be your name
  7. 7
    Passwords should not be repetitive
  8. 8
    All together now!
  9. 9
    Otherwise, the password should be up to the user


Python Python

Rasmus Bååth HeadshotRasmus Bååth

Data Science Lead at

Rasmus Bååth is a Data Science Lead at Previously, he was an instructor and Curriculum Lead for Projects at DataCamp. He has a PhD in Cognitive Science from Lund University in Sweden. Follow him at @rabaath on Twitter or on his blog, Publishable Stuff.
See More

What do other learners have to say?