has some good bits in regard to that!
@DJWalnut - I recommend passphrases of five words. Easy for a person to remember, harder to crack.
Ideally use a password manager and inplement multifactor authentication every where you can.
Don't reuse passwords, this attack is based on the machine already being compromised.
Xkcd style passwords, 4+ random words.
If you have control over it, slow down the hashing to the maximum time you want to wait for a login to validate.
For remote attacks, limit the amount of tries per time window
The Vulpine Club is a friendly and welcoming community of foxes and their associates, friends, and fans! =^^=