Skip to main content

Understanding the Latest NIST Password Guidelines

Security Meets Usability

Over the years, security professionals have learned surprising lessons about how password policies affect user behavior. Faced with complicated password requirements and hundreds of online accounts to keep track of, people often take dangerous shortcuts—and criminals benefit.

To help organizations mitigate the risk posed by users’ bad password habits, the National Institute of Standards and Technology (NIST) designed a set of password guidelines that balance security and usability. The updated guidance abandons the long-held philosophy that passwords must be long and complex. In contrast, the new guidelines recommend that passwords should be “easy to remember” but “hard to guess.” According to NIST, usability and security go hand-in-hand.

Read this white paper to understand what NIST’s guidance means for your organization, including:

  • Why NIST has abandoned popular password complexity requirements
  • What’s special about new authenticator guidelines
  • How NIST approaches biometrics (hint: they’re not enough on their own)
  • What organizations can do to mitigate the risk caused by users’ bad habits


NIST Password Screening
Align with the latest password security guidelines from the National Institute of Standards and Technology (NIST).
Download the PDF version of the whitepaper to print or share with others.

A few of our happy customers:

Related Resources

The SpyCloud Difference

Truly Actionable Recaptured Data

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware infections, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.


Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.