Good practice for password policy includes configuring the following settings: Enforce Password History (restricts reuse of previous passwords); Maximum Password Age (how long users can keep a password before they have to change it); Minimum Password Age (how long users must keep a password before they can change it); Minimum Password Length; Passwords Must Meet Complexity Requirements; and Store Passwords Using Reversible Encryption For All Users. Authentication schemes such as one-time passwords (OTP) are also excellent practice.
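
As an added illustration (not part of the original page), the sketch below shows how the history, minimum-age, maximum-age, length and complexity settings combine when a password change is checked. The threshold values, the three-of-four character-class complexity rule and all function names are assumptions. Remembered passwords are kept as salted one-way hashes, not in reversible form.

```python
import hashlib, hmac, os, string
from datetime import datetime, timedelta

# Assumed thresholds for illustration; the page names the settings but gives no values.
POLICY = {"history": 5, "max_age": timedelta(days=90),
          "min_age": timedelta(days=1), "min_length": 12}

def _hash(password, salt):
    # Salted one-way hash (PBKDF2): remembered passwords cannot be recovered.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_record(password, now):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "set_at": now}

def is_complex(password):
    # Assumed rule: at least 3 of 4 character classes must be present.
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    return sum(any(c in cls for c in password) for cls in classes) >= 3

def is_expired(history, now):
    # Maximum password age: the current password is older than max_age.
    return now - history[-1]["set_at"] > POLICY["max_age"]

def check_change(history, candidate, now):
    """Return the list of policy violations for a requested password change."""
    problems = []
    # Minimum age stops a user cycling through the history in one sitting
    # to get back to a favourite old password.
    if history and now - history[-1]["set_at"] < POLICY["min_age"]:
        problems.append("minimum password age not reached")
    if len(candidate) < POLICY["min_length"]:
        problems.append("shorter than minimum length")
    if not is_complex(candidate):
        problems.append("fails complexity requirements")
    # Password history: compare against each remembered salted hash.
    for rec in history[-POLICY["history"]:]:
        if hmac.compare_digest(rec["hash"], _hash(candidate, rec["salt"])):
            problems.append("reuses a remembered password")
            break
    return problems

def change_password(history, candidate, now):
    problems = check_change(history, candidate, now)
    if not problems:
        history.append(new_record(candidate, now))
        del history[:-POLICY["history"]]  # keep only the remembered window
    return problems
```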