Below are 3 best practices:
1. Apply a "two-factor" method to logins
2. Where IDs and passwords are manually assigned, users must be required to change their passwords on first sign-in
3. REST/API accounts are completely separate from the application…