spec checked
NIST SP 800-63B authentication and lifecycle management
Documents authentication assurance levels, subscriber accounts, authenticator issuance and lifecycle, authentication on return visits, the case for avoiding account creation for one-time services, MFA and phishing-resistant authenticator options, protected channels, privacy requirements, and customer-experience considerations for authentication services.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Account creation | Choose account creation when a persistent account is required for repeated access, saved data, account management, security, authorization, legal accountability, or returning to drafts. | The flow states why the account is needed before asking for credentials. | NIST supports the account and authenticator lifecycle framing for repeated authentication and return visits. |
| Sign in | Choose sign in when the user needs to start or restore an authenticated session for an existing account. | The sign-in form identifies the protected service or destination before requesting credentials. | NIST supports authentication assurance, phishing-resistant options, protected channels, and reauthentication boundaries. |
| Two-factor authentication | Choose two-factor authentication when the user must satisfy an additional factor after a primary credential, SSO return, passkey flow, risk signal, new device, or sensitive action. | The challenge appears only when the server requires additional verification and the protected action remains blocked until success. | NIST supports authentication assurance, MFA options, phishing-resistant authenticators, protected channels, authenticator lifecycle, and customer-experience considerations. |
Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: National Institute of Standards and Technology. Last checked: .