Securing Basic-Auth Legacy Protocols

Below are docs that describe how clients should implement extensions to basic-auth protocols like IMAP/SMTP, WebDAV, and XMPP to enable:

1) Better security -- basic-auth protocols send UN/PW in each auth request with no unique identifiers, making it difficult for servers to distinguish spammers/hijackers from good users.

2) Web fallbacks when necessary -- in the event that an auth request requires additional factors than just UN/PW, these protocols have no standard mechanism to fallback to a web flow.