Store your passwords
- Password Safe
Multi-factor authentication can be cheap, easy -and- secure.
- Google Authenticator
- DuoSecurity (Facebook)
Account lockouts: 10 tries.
- Account lockouts are necessary to prevent brute force.
- Set a high mark, 10 tries is sufficient.
- At more than 10 fails, you probably shouldn't be logging in anyways.