UPDATE: We actually have abandoned the password protection. We have many, many apps to which access is limited to certain groups of users. We deploy them via a gateway/repository website. To download an app, we have a login for that specific app. Each app has a unique password that is distributed to the authorized users. It is a simple html login screen that works perfectly and can accommodate an unlimited number of users.
So, we no longer need PW protection within the WF project.
Just wanted to update this post in our solution information.