Secure authentication Step 0: Research the current security landscape (do this first) Security knowledge ages on a 6-12 month half-life. The recipes below were last verified on 2026-05-08; they may be stale by the time you read this. Before applying any pattern in this skill, fan out research scoped to the authentication primitive being implemented (passwords, sessions, JWT, OAuth, MFA, passkeys) so the recipes are interpreted against current authoritative sources, not against this file's snapshot. Default-on, with a documented skip Run the 4-angle research below by default. Skip ONLY when AL…