Application developers face a choice of electronic authentication mechanisms based on a wide variety of technologies, including passwords, biometrics, and physical tokens, to perform local or remote authentication. NIST SP 800-63 Electronic Authentication Guidance is internationally recognized as the definitive reference for secret-based mechanisms for authentication of users over the Internet. NIST continues to develop and enhance authentication guidance to encompass new environments, such as physical access, and new authentication technologies, such as knowledge-based authentication.

Password Guidance
Passwords are still the prevalent mechanism for authenticating the identity of users. The most current guidance for password mechanisms may be found in SP 800-63: Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology (April 2006 [V 1.0.2]). This guidance is oriented to remote authentication; more general guidance is planned to replace the recently withdrawn FIPS 112: Password Usage (May 1985).