Make it modular and optional.
I can't help with the modular part, but you can create an account and change your preferences to the old skin.
By going to unlimited PTO, there is no more accrual, so there is no more liability and no payouts when people leave.
That said, I've spent the last few years at companies that have this policy, and it is nice to not have to worry about going negative. I don't think I take any more PTO than I would without the policy, though.
Criminals are already obscuring their plates.
FTFY. And you are correct, unfortunately.
Apparently schools find their schedules nearly impossible to compile too
This very much depends on the school. Depressing story: my father-in-law created the master schedule at an inner-city high school for several years. There were lots of requirements specified in the relevant laws and regulations; the most important -- and usually conflicting -- ones were: students have to take a certain number of class periods, each period can only have a certain number of students, and there is a certain number of teachers assigned to the building, and each teacher can teach a certain number of periods. Going strictly by the book, it was mathematically impossible. As a simplified example, let's say each student had to take 1 period of math, there were 300 students in the building, no more than 40 students were allowed in the room per period, and there was 1 math teacher assigned to the building who could teach 5 periods. Given all this, there's no way to meet the requirements. 300 / 40 > 5, or 300 / 5 > 40. Yet the school opened every year. How did he do it? He oversubscribed the periods, because he knew (roughly) what percentage of students wouldn't show up. So he'd put, say, 75 kids in the first period, and 70 in the second, knowing that half of them wouldn't show up for the first period, and maybe a few more for a second period. He might also adjust the oversubscription percentage based on the difficulty level of the class, age of the students, etc. This is the kind of thing a machine-learning program could do, but a conventional software program, with rigid rules, could never pull off.
Google has decided in their wisdom that you can't use an app password with your account unless you enable two factor authentication. That, of course, requires giving Google my cell phone number, which isn't happening.
You can do 2FA with a FIDO-compatible card (I use YubiKey), which is far more secure than cell-phone based 2FA because it cannot be SIM-swapped. The YubiKeys are not free, of course (mine cost about $45 each, and I have two), but if not giving out your phone is important to you, it might be an option.
Terpin was a major name in the tech and crypto world, especially back in the late 20-teens as the co-founder of crypto investment firm BitAngels along with early work launching Motley Fool and Match.com.
doesn't say when Terpin helped these sites; the quote only says when Terpin was a big name, which is the same time frame as when Terpin was hacked.
In computing, the mean time to failure keeps getting shorter.