and a lot depends on what level of security you want to have.
The best method of authenticating users is to use the .htaccess method. This involves running a script in the cgi bin folder on your web space, and allows you to select which folders to protect, and to allocate usernames and passwords. The script has to run on a Unix server - only your web host can add/remove users on a Windows server - but apart from that it will work perfectly and be very safe.
Otherwise you can use one of the many Java script password utilities that are available. One that I've used with success in the past is Coffee Cup password wizard. Coffee Cup have an excellent reputation for useful software, and this is no exception. You can create the login interface using a Java or a Flash file - it's all automatic - and then you can add/remove users as you wish. It's reasonably secure, doesn't require any server-side scripts, and costs peanuts. Don't use it to protect anything really confidential or valuable however.
You can get a superb .htaccess script if you
click here it costs $49 which is a bargain for something this good. Mention my name and PCA and you might get them to install and configure it on the server for you at no extra cost.
The CoffeeCup wizard is available if you
click here Be warned - Coffee Cup are into web hosting in a big way, so you'll see the odd plug on the site. Fight your way through to the software, however, because it's very well worth it. Cost? Around $20 and worth every penny.