PHP best practices for user authentication and password security

Question

What are the best current libraries/methods to authenticate users without the use of a CMS or heavy framework?

Responses should include suggestions for anything you

Answer 1

I use OpenID .

But like stackoverflow I use the Google project openid-selector to do the heavy lifting.
Demo Page here.

The obvious advantages (of OpenID) are.

• You don't need to be a security expert.
• Users trust the big sites with their info.
• You can request things like (nickname etc) but user has to opt in.
• You don't need to worry about:
  • registration processes
  • lost/forgotten password

Answer 2

OpenID is a method to authenticate users based on their existing accounts on common web services such as Yahoo, Google and Flickr.

Logins to your site are based on a successful login to the remote site.

You do not need to store sensitive user information or use SSL to secure user logins.

A current PHP version of the library can be found here.