Make sure all your passwords are 12 characters or more, Use bcrypt or PBKDF2 exclusively to hash anything you need to be secure. - http://www.codinghorror.com/blog/2012/04/speed-hashing.html Password is only worked for one time - http://www.mobileread.com/forums/showthread.php?threadid=6462 crack captcha - http://sam.zoy.org/pwntcha/ Java password mask - http://java.sun.com/developer/technicalArticles/Security/pwordmask/ OpenID resource - http://openid.net/ http://www.arachna.com/roller/page/spidaman/20070225#the_openid_snowball http://developers.sun.com/identity/ http://www.theserverside.com/news/thread.tss?thread_id=46569&asrc=EM_NLN_2030603&uid=703565 OpenID explain - http://ravichodavarapu.blogspot.com/2007/06/what-is-openid.html A technique that crack winxp password at 3 min - http://www.infoq.com/news/2007/09/rainbowtables Using image as password - http://dsc.discovery.com/news/briefs/20060306/password_tec.html The other interesting idea, Evolving Password - http://www.docuverse.com/blog/donpark/EntryViewPage.aspx?guid=79730e53-1d30-47ae-98e8-abb55201429b Passphrase Evangelism - http://www.codinghorror.com/blog/archives/000360.html Rainbow Hash Cracking - http://www.codinghorror.com/blog/archives/000949.html , add salt (token) to prevent it - http://blog.cfelde.com/2011/04/hashing-passwords/ How to make password harder to be guessed, but I guess there should be simple way to guess "this is fun", other than take 2537 years? - http://www.baekdal.com/tips/password-security-usability Discussion about if some old suggested rules about still valid or not - http://queue.acm.org/detail.cfm?id=2422416&ref=fullrss Using quantum for password? - https://www.inside.com.tw/2017/03/01/quantum-key-distribution Salted Password Hashing - Doing it Right - https://crackstation.net/hashing-security.htm http://www.infoq.com/cn/articles/how-to-encrypt-the-user-password-correctly It sound like outsource is better - https://blog.plan99.net/building-account-systems-f790bf5fdbe0 Hash explained - https://dev.to/kmistele/how-to-securely-hash-and-store-passwords-in-your-next-application-4e2f