Or the other option for exactly what you want is the 14a raw commands on proxmark which is what I just played with.
I put a test card through DNFC and confirmed that it does exactly what it says on the tin, at least in my sample size of 1. Set static and dynamic lock bits correctly, AUTH0 to E2, set the PASS and PACK, no funny business and I can authenticate no problem with the set password.
I’ll make my flexNExT safe by using raw commands just to be sure i have control over the whole process, but from my tiny sample size, seems safe to me too.