in reply to Re^4: login with google account
in thread login with google account

Not sure what all jdporter had in mind, but bcrypted passwords seems like it is towards the top of the list. And emailing password reset links instead of passwords is kind of a prerequisite for that.

--
A math joke: r = | |csc(θ)|+|sec(θ)| |-| |csc(θ)|-|sec(θ)| |

Re^6: login with google account
by jdporter (Paladin) on Oct 12, 2024 at 14:25 UTC
    ... bcrypted passwords ... emailing password reset links ...

    Those would certainly be big improvements. But something even more secure and convenient, such as OIDC, would be preferable, imho.

      If you are after a data point I can tell you that I'm in favour of hashed passwords (bcrypt or otherwise) and I would not choose to log in to PerlMonks via a Google account through openidc.

      FWIW, I miss BitCard.


      🦛

        Me too. I prefer to keep my logins separate, and wouldn't use my Google login for PM.
      I guess that would then be "Login with an(y?) OpenID provider" instead of only "Login with Google"?
      We would use OIDC for the google account login, but it sounds like you are talking about something more than that. Can you say more?
      --
      A math joke: r = | |csc(θ)|+|sec(θ)| |-| |csc(θ)|-|sec(θ)| |

        No; in fact I can't even say that much. I don't know anything about it, really. I just know we need something better than what we have, and I think if we're going to change it we may as well come all the way to the present — no half measures. That's mho.

Re^6: login with google account
by Bod (Parson) on Oct 17, 2024 at 19:10 UTC
    but bcrypted passwords seems like it is towards the top of the list. And emailing password reset links instead of passwords

    Absolutely!

    But The Monastery is littered with similar suggestions. They usually amount to it being a "good idea" but nobody has the resources (skills, access, time, etc) to actually shoehorn it into the existing architecture.

    It seems to me that a rewrite would be an easier solution and then to either port all the existing for existing threads in or else keep the existing site as an archive. After all, the core parts of PM are not exactly difficult to create...