One option may be one of those images that shows a random sequence of letters to be entered.
It's called a CAPTCHA image test. Yes, a very good idea to stop any web form you have being hijacked by an automated process. A good Classic ASP one with complete code can be found at:
As suggested above, encryption is all very good, but just as important is to enforce strong passwords. It's all very good and well posting and storing an encrypted password string, but if the string is weak (a real word, for example) it's considerably more hackable than an alphanumeric string with a special character and maybe upper and lower case characters.
You also mention a limit to the attempts, also a good idea. This is a bit over the top, however one client we have insists on:
min string character length
alphanumeric including upper and lower case
three failed attempts will inactivate the account for the matched user name
change enforced every 90 days
may not use any of the previous 20 passwords
However you can do all that and still get hacked of course...
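The client policy listed in the post above, as an added example that is not part of the original thread: a Python sketch that enforces the complexity, lockout, 90-day expiry and 20-password history rules together. The minimum length of 12, the PBKDF2 storage of history entries, and all function and class names are assumptions made for illustration.

```python
import hashlib, hmac, os, re
from datetime import timedelta

MIN_LENGTH = 12                  # assumption: the post gives no number
MAX_FAILURES = 3                 # failed attempts before the account is inactivated
MAX_AGE = timedelta(days=90)     # enforced change interval
HISTORY_DEPTH = 20               # remembered passwords (current one included)

def _digest(password, salt):
    # Only salted PBKDF2 digests are stored, never the old passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def complexity_problems(password):
    checks = [
        (len(password) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (re.search(r"[a-z]", password), "no lower-case letter"),
        (re.search(r"[A-Z]", password), "no upper-case letter"),
        (re.search(r"\d", password), "no digit"),
    ]
    return [msg for ok, msg in checks if not ok]

class Account:
    def __init__(self, password, now):
        self.history, self.failures, self.active = [], 0, True
        self.set_password(password, now)

    def set_password(self, password, now):
        problems = complexity_problems(password)
        # Each stored entry has its own salt, so the candidate is re-hashed per entry.
        if any(hmac.compare_digest(_digest(password, s), d) for s, d in self.history):
            problems.append(f"matches one of the previous {HISTORY_DEPTH} passwords")
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        self.history = (self.history + [(salt, _digest(password, salt))])[-HISTORY_DEPTH:]
        self.changed_at, self.failures = now, 0

    def login(self, password, now):
        if not self.active:
            return "locked"      # no reactivation path in this sketch
        salt, stored = self.history[-1]
        if not hmac.compare_digest(_digest(password, salt), stored):
            self.failures += 1
            self.active = self.failures < MAX_FAILURES
            return "denied"
        self.failures = 0
        return "expired" if now - self.changed_at > MAX_AGE else "ok"
```

Locking on the matched user name means anyone who knows a user name can inactivate that account with three bad guesses, so the lockout events are worth logging and alerting on.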