NIST 800-63B

The United States doesn’t have a singular law that covers the privacy of all types of data. Instead, it has a mix of laws that depends on the state and industry. While it might be not required at this moment its still good to be complied with a NIST Special Publication 800-63B and follow guidelines for:

  • New Password Creation
  • User Authentication Flow
  • Credentials Storage Recommendations
  • Breached Password Protection
  • Limit Login Attempts
  • Allow Multi-Factor Authentication
  • Do not use SMS for authentication
  • Do not sacrefice UX in favor of security

Source: NIST Special Publication 800-63B

Help Ukraine to stop russian aggression