For the user this is extremely simple. For the programmers it's a bunch of new stuff to learn (or a new library to pull in) when implementing it, including things like you're going to want a whole new RDBMS table not just a wider "password" in the database - but for the user it's very simple and impossible to get wrong.
I implemented it by hand for my vanity site, it was not a tremendous amount of work. GitHub - since they are the topic after all - offers it today. But beyond big hitters (e.g. Gmail, Facebook) I am disappointed by how few have bothered.
It's a night and day difference in terms of security and in terms of ease of use but it seems most places aren't interested in doing more than the very bare minimum.
For the user this is extremely simple. For the programmers it's a bunch of new stuff to learn (or a new library to pull in) when implementing it, including things like you're going to want a whole new RDBMS table not just a wider "password" in the database - but for the user it's very simple and impossible to get wrong.
I implemented it by hand for my vanity site, it was not a tremendous amount of work. GitHub - since they are the topic after all - offers it today. But beyond big hitters (e.g. Gmail, Facebook) I am disappointed by how few have bothered.
It's a night and day difference in terms of security and in terms of ease of use but it seems most places aren't interested in doing more than the very bare minimum.