A while back, I was setting up an internal website (on a Windows domain with Active Directory), where I needed to identify each person who connected to it. IIS has an option for “integrated Windows authentication”: the idea is that if you’re already logged into the domain then you don’t have to provide a new username and password (or retype your Windows password) because the webserver will recognise you. This is similar to the way that permissions work on a fileserver, and I’ve used the same approach for desktop applications. One scenario is that you might want to use Outlook Web Access internally.
However, in order for this to work, the web browser actually has to send the relevant information to the webserver. The website doesn’t actually get your password, just your username, e.g. “Golgothajkirk”. Opinions may vary about whether this type of authentication is a good idea; personally, I think it is, because I don’t want people to get into the habit of typing in their password whenever a pop-up dialog box asks them for it. Still, whatever your views, it makes sense to be able to control this setting.