You happen to be on stage re: details leakage and this should be an essential thought for anyone rolling their own personal authentication/authorization plan. +one for mentioning OWASP. Something which might be easily guessed is not really safe like a password. We've got talked over the many areas of hacking, http://pigpgs.com