Password Management

there are some rules for password management
(1) Autocomplete allows the browser to predict the value. When a user starts to type in a field, the browser should display options to fill in the field, based on earlier typed values.
so we should use autocomplete=”off”
eg:- <input type=”password” name=”pass” autocomplete=”off” />

(2) Password value must be md5 with salted.

    <?php $_SESSION['salt']=uniqid(mt_rand(), true); 
    md5( $_SESSION['salt'] . password );
?>