At the moment, the best defense against password attacks is two-factor (or two-step) authentication. The user needs more than just a username and password to log in. The user needs a second element, example, a numeric string sent by SMS.
The problem with two-factor authentication is that it’s a pain, requiring an extra manual step. Here are a couple of ways to reduce that inconvenience.
Google Authenticator and Authy app generates new two-factor codes for each connected account every 30 seconds. The user reads the codes and types them to the application.
Secure Access Technologies SAT Mobile ID uses an iOS application —in lieu of SMS— to obtain authorization, and does not require any typing.
About Secure Access Technologies (SAT):
SAT is the creator of patented SAT Mobile ID tokenless solutions for two-factor authentication and single sign-on that integrate in minutes. SAT was voted best application security by CTIA. The authentication expert collaborates with partners such as RSA and MobileIron. See http://www.SecureAccessTechnologies.com for further information.