Almost every web service you join will require you to come up with a password. But what makes a good password? In June 2017 the National Institute of Standards and Technology (NIST) published [publication 800-63B](https://pages.nist.gov/800-63-3/sp800-63b.html) titled *Digital Identity Guidelines: Authentication and Lifecycle Management*. This publication doesn't tell you what is a *good* password, but it does have specific rules for what is a *bad* password. In this project, you will take a list of user passwords and, using publication 800-63B, you will write code that automatically detects and flags the bad passwords.
- 1The NIST Special Publication 800-63B
- 2Passwords should not be too short
- 3Common passwords people use
- 4Passwords should not be common passwords
- 5Passwords should not be common words
- 6Passwords should not be your name
- 7Passwords should not be repetitive
- 8All together now!
- 9Otherwise, the password should be up to the user
Data Science Lead at castle.io