I’m going to save this for the next time a client insists on implementing logging in with a password because they want the most secure mechanism:

twitter.com/equiman/s…