Establishment should include
describing the rationale of password security
identifying the vulnerabilities of password security
researching models for protocols and policies
writing specific protocol and policy, based on a system scenario.