They don't publish and an FAQ and many comments caution about relying on any specific pattern.
That said, see this thread which has some details about this recent change to the "remote" authentication sites
But be sure to also see this post in same thread by different staff member