I've found very useful and flexible the
user_manage script by Lincoln Stein.
Maybe you can get some ideas, or see how a secure authentication can be
This script lets you manage your users, and you can then point the .htaccess file of your protected directory to its generated password and group files.
Also, you can let users change their password using that script (it works both from the prompt and from the browser).