- Check for good passwords when they are selected.
- Short passwords
- Username appearing in password
- Only digits
- Only numbers
- Words in the dictionary (uppercase, lowercase, mixed)
- Do not store the encrypted password;
use the password to encrypt a known key.
- Protected the password databse to prevent dictionary attacks.
- Keep track of failed login attempts
- Even better, use variable passwords like SecureID