Should an application handle user credentials?

I think the answer is ‘no’ or ‘only under special circumstances’ (see Exceptions below) but would be interested in your comments. By ‘own credential management’ I mean have own store of user names AND passwords and code to challenge users for the credentials, create them, reset passwords, etc. The alternative I am recommending is for the application to use […]