Use multiple authentication factors to create a robust and secure authentication strategy which meets your business requirements.
Set password policy as a function of password length, complexity, and entropy. Increase password complexity by requiring a password with case-sensitive, alphanumeric and special characters.
Further, safeguard user credentials by utilizing password dictionaries, breached password database lookups, personal information to disallow compromised or easily guessable credentials.
Track failed authentication attempts and detect anomalies using various data points such as geo-location, IP address, browser fingerprint and trigger desirable actions like temporary account block.