The FFIEC's document (http://www.ffiec.gov/pdf/authentication_guidance.pdf) is a good starting point.
SecurityDocs.com (http://www.securitydocs.com/Authentication/Passwords) has some great links to articles about different password solutions and stronger alternatives to passwords.
Also, I offer some common tips for strengthening passwords in chapter 7 of my book, The Little Black Book of Computer Security, entitled "Putting Software Access Controls in Place."
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.