Makerere University

ICT Best Practices - Follow adequate procedures for user passwords

Inadequate password procedures are a common source of system and account intrusions. Technicians should:

  • Ensure that all accounts require a password and that, if technically possible, there are automatic routines (dictionaries, pattern enforcers, etc.) that force the user to choose a good password initially and each time the password expires.
  • Implement a system such that no reusable passwords are sent over the network in clear text.
  • Eliminate the storage of passwords on systems where feasible. Alternatives include Kerberized services or SSH with PAM support. 
  • Remind users that passwords should not be shared with anyone, including friends, roommates, co-workers, supervisors, technicians, etc.
  • Do not allow web browsers and other applications to "remember" user passwords.