A good blend between stating the obvious and saying what needs to be said regarding password security and common sense, these articles make for a good read in understanding authentication issues with software development:
The Basics of Password Security – Security Series #4
A Simple Password Strength Function – Security Series #4.1
Salting Passwords – Security Series #4.3
Jason Dean, the author of this blog, does a good job of presenting best practices as well as explaining the reasoning behind them. He uses ColdFusion code for examples, of which I know nothing, but it’s easy enough to read and see what’s going on, and the examples further the understanding.
The explanation of hashing and salting passwords was clearly what I walked away with most, but there’s plenty more discussion to be had with new topics introduced and elaboration on the posts I linked above, so here’s a link to the blog in general: