I don't think we have a ticket for this yet, but it's a fairly major step that needs taking! So we should do that.
Switch to using OAuth 2 for logging in
Avoid manual copying of oAuth token
Use existing login details to fetch Acoustid API key
Only ask to "log in now" once per session
Disallow HTTP Digest authentication
[unresolved] Picard wont authenticate my musicbrainz login