Source for this?

[gsmcnamara-okta]

"sequential authentication implementations (like Google does nowadays)" in https://github.com/OWASP/Go-SCP/blob/master/src/authentication-password-management/validation-and-storage.md

[PauloASilva]

It is likely to have come from the OWASP Secure Coding Practices Quick Reference Guide.
The example: "like Google does nowadays", should have been my creativity. Nowadays several other companies follow the same approach (I believe Okta is one of them).

What's your suggestion here @gsmcnamara-okta?

[Shivampal157]

Hi, I’d like to work on this issue and add an appropriate source reference.
Please assign it to me.

[Shivampal157]

I’ve opened a PR to address this issue: #105