Use of secret authentication information (User ID and passwords)
All users should ensure these are not divulged or shared with any other parties. No method of storage unless authorised should be used to keep password records. Passwords should be changed if they may have been compromised.
Passwords should be of high quality (this changes as technology improves and hackers become more sophisticated) see hacking forums to see how various techniques reduce the possibility of a password being hacked by brute force. Systems should consider protection specifically against this type of threat. (maximum failed attempts)
Users should not use the same passwords for personal / business purposes.