"a. Implement s/key-opie type of one time password
systems. If your setup isn't sophisticated enough to do that, set
your default password length to the max it can be and require
everyone to have to pick a new password every other day. Make sure
you keep a password history for each user that goes back about 10
or 20 "unique" iterations."