Must you use Basic authentication? The standard alternative is to create a session in the first page and return the session id to the client (via cookies, url param or hidden form fields). Scripts in the protected directory must check if the session id is valid. If you're trying to protect static files, you'll need a custom mod_perl auth/autz handler or similar.

I think CGI::Session is the module normally used for this.

Personally I am baffled as to why Microsoft made this decision as support for it does not make any site more or less secure.

It's use for protection against spoofing. People would email URLs such as
http://www.ebay.com@3478348818/verify.cgi?id=827439327432
in phishing emails. It looks like some URL at www.ebay.com, but it really contacted 209.197.123.153*. These URLs could fool even the trained eye, if it wasn't too careful.

It seems they also prevent http://3478348818/ and other uncommon forms from working now.

* – Keep in mind that 3478348818 == ((209*255+197)*255+123)*255+153.

So why couldn't Microsoft fix the display issue in IE rather than disable the entire point of the URL (passing usernames and passwords to that URL)???

This was a horrific misuse of monopolistic power in the marketplace by Microsoft and inflamed me when I discovered this (as I had been relying on it).

Honestly, you'd have to have no respect for the technological world or any respect for human beings in general to work for Microsoft.