1. https://howsecureismypassword.net - site that shows how long it would take a desktop PC to crack your password.
2. Can You Trust Your Browser With Your Passwords? - good article where author analyses how most popular browsers work with saved passwords. The most secure is FireFox, then Internet Explorer and the least secure is Chrome.
3. Password use by user type:
Password Authentication from a Human Factors Perspective: Results of a Survey among End-Users
4. How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others. - in this post Shubham Shah describes how he managed to bypass it.
As for me, I tried to use 2FA system, but it was too inconvenient for me: if cookies are disabled or are deleted after closing the browser then you can't save the safe device, so every time you should get secret codes to mobile phone. I decided that this complexity is not worth it.
5. Is Pavlovian Password Management The Answer? - Lance James suggests a very simple and genius idea about protecting the passwords: the expiration of password should depend on its complexity. For example, if user creates a password that can be cracked in 3 days, the password should expire in 2 days. So if user doesn't want to change it too often he have to chose a complex one. And the whole beauty of this system is that it doesn't limit users, but trains them.
6. Google Glass Snoopers Can Steal Your Passcode With a Glance - how passwords (especially PIN codes) can be stolen offline using video cameras. The most shocking fact for me was that "a $700 Panasonic camcorder’s optical zoom was able to catch a PIN typed on a glare-obscured screen from 44 meters away".
7. Mikko Hyppönen and Sean Sullivan (from F-Secure) are talking about strong passwords:
8. Good TED talk about how users choose their passwords and what web site owners can do with it: