Five Best Countermeasures against password cracking

• Enforce 7-10 characters alpha numeric password
• Set password change policy to 30 days.
• Physically isolate and protect the server.
• Use SYSKEY utility to store hashes on disk.
• Moniter the server logs for brute force attacks.