Premium Project

Bad passwords and the NIST guidelines

Check what passwords fail to conform to the National Institute of Standards and Technology password guidelines.

Start Project
  • 9 tasks
  • 1,688 participants
  • 1,500 XP

Project Description

Almost every web service you join will require you to come up with a password. But what makes a good password? In June 2017 the National Institute of Standards and Technology (NIST) published publication 800-63B titled Digital Identity Guidelines: Authentication and Lifecycle Management. This publication doesn't tell you what is a good password, but it does have specific rules for what is a bad password.

In this project, you will take a list of user passwords and, using publication 800-63B, you will write code that automatically detects and flags the bad passwords.

To complete this project, you need to know how to manipulate text using the stringr package and be familiar with regular expressions. If you haven't completed the course String Manipulation in R with stringr we recommend that you do so first.

Project Tasks

  • 1The NIST Special Publication 800-63B
  • 2Passwords should not be too short
  • 3 Common passwords people use
  • 4 Passwords should not be common passwords
  • 5Passwords should not be common words
  • 6Passwords should not be your name
  • 7Passwords should not be repetitive
  • 8All together now!
  • 9Otherwise, the password should be up to the user
Rasmus Bååth

Senior Data Scientist at King (Activision Blizzard)

Rasmus Bååth is a Senior Data Scientist at King. Previously, he was an instructor and Curriculum Lead for Projects at DataCamp. He has a PhD in Cognitive Science from Lund University in Sweden. Follow him at @rabaath on Twitter or on his blog, Publishable Stuff.

See More


  • R LogoR
  • Topics

    Case Studies