On The Bakery blog, there's a new article introducing dAuth:
The authentication (not authorization) system with a focus on security, using techniques such as challenge-response, customizable multiple-stage password hashing, brute force (hammering) detection etc.
The dAuth system is built around challenge-response authentication and handles ensuring the user is who they say they are, but not that they're authorized to be looking at what they see.
They include a graphic to help explain how the process flows and some talk about the changes made from some of the previous versions, including detection of brute-force attempts, preventing the disabling of the fallback, and session hijacking compensation.
There's some brief bits about the installation of the tool and some final words to shove you in the right direction.