Everyone has a strong opinion on how to implement auth yet seemingly no one has hard data or peer-reviewed research to back up said opinions.