application system data; (8) limit the number of entering wrong passwords. In practice, there should not be more than 10 unsuccessful attempts; (9) transmit passwords to users securely such as in sealed