... asking users to input their email address and password from a third-party site like GMail or Yahoo Mail is completely unacceptable

Adactio: Journal—The password anti-pattern

Jeremy Keith's password anti-pattern post came across my radar again recently. This was written almost 21 years ago in Internet time (2007), and it's still an issue today, even with the growth of OAuth as an alternative.

We should start a shame file. I've only just signed up for it, and it looks like it might be really useful, but the first entry is Dropbox.