TL;DR
This post is a recommendation to read Google’s 12 best practices for user account, authentication, and password management.
No Best Practices
Many Web applications require user authentication. I know you have read James Bach’s article No Best Practices. However, you should read those 12 Google practices and check how they fit into your project context. If nothing else, you could learn something new.