Skip to main content
Premium project

Bad Passwords and the NIST Guidelines

Check what passwords fail to conform to the National Institute of Standards and Technology password guidelines.

Start Project
9 Tasks1,500 XP

Loved by learners at thousands of companies

Project Description

Almost every web service you join will require you to come up with a password. But what makes a good password? In June 2017 the National Institute of Standards and Technology (NIST) published [publication 800-63B]( titled *Digital Identity Guidelines: Authentication and Lifecycle Management*. This publication doesn't tell you what is a *good* password, but it does have specific rules for what is a *bad* password. In this project, you will take a list of user passwords and, using publication 800-63B, you will write code that automatically detects and flags the bad passwords.

Project Tasks

  1. 1
    The NIST Special Publication 800-63B
  2. 2
    Passwords should not be too short
  3. 3
    Common passwords people use
  4. 4
    Passwords should not be common passwords
  5. 5
    Passwords should not be common words
  6. 6
    Passwords should not be your name
  7. 7
    Passwords should not be repetitive
  8. 8
    All together now!
  9. 9
    Otherwise, the password should be up to the user




Case Studies
Rasmus Bååth Headshot

Rasmus Bååth

Data Science Lead at

Rasmus Bååth is a Data Science Lead at Previously, he was an instructor and Curriculum Lead for Projects at DataCamp. He has a PhD in Cognitive Science from Lund University in Sweden. Follow him at @rabaath on Twitter or on his blog, Publishable Stuff.
See More

What do other learners have to say?

I've used other sites—Coursera, Udacity, things like that—but DataCamp's been the one that I've stuck with.

Devon Edwards Joseph
Lloyds Banking Group

DataCamp is the top resource I recommend for learning data science.

Louis Maiden
Harvard Business School

DataCamp is by far my favorite website to learn from.

Ronald Bowers
Decision Science Analytics, USAA