The FFIEC's document (http://www.ffiec.gov/pdf/authentication_guidance.pdf) is a good starting point.
SecurityDocs.com (http://www.securitydocs.com/Authentication/Passwords) has some great links to articles about different password solutions and stronger alternatives to passwords.
Also, I offer some common tips for strengthening passwords in chapter 7 of my book, The Little Black Book of Computer Security, entitled "Putting Software Access Controls in Place."
Dig Deeper on Privileged access management
Related Q&A from Joel Dubin
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums ... Continue Reading
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good ... Continue Reading
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ... Continue Reading