After seeing "Broken Authentication" listed as one of the top vulnerabilities on the OWASP Top 10, a security engineer has started looking into options to protect against this. Which of the following could the engineer implement to help protect against broken authentication?