Overview#Password Anti-Pattern is an Anti-pattern and are concepts that have been shown to be detrimental to Best Practices Password and user Experience  NIST.SP.800-63B, Microsoft and Bruce Schneier recommend that passwords SHOULD NOT be arbitrarily expired after some interval.
The Shared Secret#The user is asked to give the site login names and passwords for another site in order for the first site to access address books, connection lists or other data kept on the second site.
The Password Anti-Pattern, in which a shared secret (the password) directly represents the party in question (the user). By sharing this secret password with applications, the user enables applications to access protected APIs.Passwords was thought to be a good idea to prevent brute-Force attacks on passwords. All password login forms should have server-Side Login throttling schemes and allow pasting of passwords.
Verifiers SHOULD permit claimants to use "paste" functionality when entering a memorized secret. This facilitates the use of Password Managers, which are widely used and in many cases increase the likelihood that users will choose stronger memorized secret.
Remember Me Checkbox#Persistent Login Cookies ("Remember Me" functionality) are a danger zone CAPTCHAs are meant to thwart one specific category of attack: automated dictionary/Brute-Force trial-and-error with no human operator. Password Maximum Length Password Character Composition National Institute of Standards and Technology (NIST) thinks Password Hints are a bad idea:
Verifiers SHALL NOT permit the subscriber to store a "hint" that is accessible to an unauthenticated claimant.
Using Identity questions#Do not implement 'secret questions'. The 'Identity questions' feature is a security Anti-pattern and Password Anti-Pattern.
More Information#There might be more information for this subject on one of the following:
- Best Practices Password
- Best Practices for LDAP Security
- Delegation vs Impersonation
- OAuth 2.0
- Password Anti-Pattern
- Password Authentication is Broken
- Password Hint
- Password Management
- Resource Owner Password Credentials Grant
- Web Blog_blogentry_180317_1
- [#1] - Password Anti-Pattern - based on information obtained 2013-04-10
- [#2] - Passwords Evolved: Authentication Guidance for the Modern Era - based on information obtained 2017-07-26-