Standards Use Hashing Use Salting Use in-transit encryption like TLS Enable password reset Use Password Manager