If your web site relies on the http(s)://username:password@server/resource.ext syntax to pass user authentication, then you need to know that support for behaviour this will be dropped in a future update of IE. See here for details: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q834489
It seems a bit strong to drop this whole approach to avoid the phishing attack, and it could have a big impact on some sites, I would have thought. So if it affects you, it's time to change your approach...