The web page of Dr. Rick Smith features, among other things, The Center for Password Sanity. This is a set of essays, written while he was working on his book Authentication, all about passwords, their strengths, and their weaknesses. Definitely worth a read, and might even be worth passing along to managers who are still thinking that passwords should be handled the same way they were in 1988.