I suggest looking at a lot of the articles that Troy Hunt (an aussie MVP with a high focus on security) has written on his website, he goes into a lot of things about the best practices with things like this.
At a quick glance, I would suggest things like:
www.troyhunt.com/.../everything-you-ever-wanted-to-know.html and
www.troyhunt.com/.../our-password-hashing-has-no-clothes.html
The second one is a really good insight when it comes to passwords, especially when it comes to ways you do the hashing, as he explains, your password hashing is only as good as the passwords that people choose for the most part.