I have a confession to make: I've ignored a Really Bad Password Form on an inherited web application for at least a decade too long.
I'm not proud, but every time I considered changing the password mechanism to something more modern (and more secure), decision paralysis would set in... in great part due to the design challenges I anticipated in quietly upgrading this for users of the app in question.