Hacker News

It's not that difficult to roll your own secure auth; this website is halfway there. Add TOTP and WebAuthn and they're basically done (there are plenty of good libraries out there for both).

They also really should switch from bcrypt to something more modern like argon2, but bcrypt is a lot better than the unsalted MD5 I've seen in a lot of places.


