The FFIEC's document (http://www.ffiec.gov/pdf/authentication_guidance.pdf) is a good starting point.
SecurityDocs.com (http://www.securitydocs.com/Authentication/Passwords) has some great links to articles about different password solutions and stronger alternatives to passwords.
Also, I offer some common tips for strengthening passwords in chapter 7 of my book, The Little Black Book of Computer Security, entitled "Putting Software Access Controls in Place."
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.