I suspect certain users reuse pwds that were part of an abuse. I know it's not easy, but consider having a history of pwds to avoid that.
OpenID is service that allows you to log-on to many different websites using a single indentity. Find out more about OpenID and how to get an OpenID enabled account.