It should include topics such as:
- How to log in
- How to remain logged in
- Managing cookies (including recommended settings)
- SSL/HTTPS encryption
- How to store passwords
- Using secret questions
- Forgotten username/password functionality
- Use of nonces to prevent cross-site request forgery (CSRF)
- OpenID
- “Remember me” checkbox
- Browser autocompletion of usernames and passwords
- Secret URLs (public URL protected by digest)
- Checking password strength
- E-mail validation
- and much more about form-based authentication…