Add headers for all requests
Add this to your web.config. The remove entry belongs under modules (it removes the FormsAuthentication HTTP module, as the MVC template does); the headers go under httpProtocol/customHeaders so IIS adds them to every response:

  <system.webServer>
    <modules>
      <remove name="FormsAuthentication" />
    </modules>
    <httpProtocol>
      <customHeaders>
        <add name="X-XSS-Protection" value="1; mode=block"/>
        <add name="X-Content-Type-Options" value="nosniff"/>
        <add name="Strict-Transport-Security" value="max-age=31536000"/>
      </customHeaders>
    </httpProtocol>
  </system.webServer>

Strict-Transport-Security only takes effect when the site is actually served over HTTPS, and current browsers ignore X-XSS-Protection (it has been removed from Chromium-based browsers), so the other two are the ones that still matter.
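A quick way to confirm the deployed site really sends these headers, added here as an example (not part of the original post): it checks a header map for the three values above, compares names case-insensitively, and treats the HSTS max-age as a minimum rather than an exact match. The sample responses at the bottom are constructed, not captured from a real site.

```python
"""Check that the three security headers from the web.config above are present and sane."""
import re
import urllib.request

MIN_HSTS_MAX_AGE = 31536000  # one year, the value used in the web.config


def check_security_headers(headers):
    """Return a list of findings; an empty list means every check passed.
    `headers` maps header name -> value; names are compared case-insensitively."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    xcto = h.get("x-content-type-options")
    if xcto is None:
        findings.append("X-Content-Type-Options missing")
    elif xcto.lower() != "nosniff":
        findings.append(f"X-Content-Type-Options should be 'nosniff', got {xcto!r}")

    xss = h.get("x-xss-protection")
    if xss is None:
        findings.append("X-XSS-Protection missing")
    elif not re.fullmatch(r"1\s*;\s*mode=block", xss, re.I):
        findings.append(f"X-XSS-Protection should be '1; mode=block', got {xss!r}")

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security missing")
    else:
        m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.I)
        if not m:
            findings.append(f"Strict-Transport-Security has no max-age: {hsts!r}")
        elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age {m.group(1)} is below {MIN_HSTS_MAX_AGE}")
    return findings


def check_url(url):
    """Fetch `url` (use https://) and run the checks on the final response's headers."""
    with urllib.request.urlopen(url) as resp:  # redirects are followed automatically
        return check_security_headers(dict(resp.headers.items()))


# Constructed sample responses, not captured from a real server.
HARDENED = {"X-XSS-Protection": "1; mode=block", "X-Content-Type-Options": "nosniff",
            "Strict-Transport-Security": "max-age=31536000"}
WEAK = {"X-Content-Type-Options": "NoSniff", "Strict-Transport-Security": "max-age=300"}

if __name__ == "__main__":
    print(check_security_headers(HARDENED))  # []
    for finding in check_security_headers(WEAK):
        print("FINDING:", finding)
```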
Require Strong Passwords
Go to your AccountController and find the code that creates the PasswordValidator, and change it to something like this. Length is the most important thing to consider from a cryptographic-complexity standpoint.
NOTE: 12 is the minimum required, but 16 is better to make passwords sufficiently time-consuming to crack.
  // ASP.NET Identity PasswordValidator (Microsoft.AspNet.Identity)
  manager.PasswordValidator = new PasswordValidator
  {
      RequiredLength = 12,              // minimum length; 16 is better
      RequireNonLetterOrDigit = true,   // at least one symbol
      RequireDigit = true,
      RequireLowercase = true,
      RequireUppercase = true
  };
Also read through the security issues that require reviewing your code, and possibly some knowledge of how your application is written.