The simple authenticator now properly invalidates its credentials. Also, the invalidation functions have been given better names and documentation.
... including some required authenticator infrastructure