The purpose of this Epic is to consolidate all Security Credentialing Tasks together in order to bring visibility to ensure there are not duplicate efforts and to allow structure to the traction of the tasks.
So there's a tag where a lot of password/credential-related tasks are tracked: https://phabricator.wikimedia.org/project/board/148/. But similar to Security, it's fairly noisy. Some recent password/credential-related tasks have been public (e.g. the proposed haveibeenpwned service T189641), though many others are security-protected for obvious reasons. If we'd like to track those here, we may want to consider making this a security-protected task as well, at least for the time being. There's also a fairly enormous body of password/credential-related tasks in various states of decay from the past decade or so. Some of these do seem to have recent, relevant discussions on them, but many are probably too stale for what we would want to track here.