If you want security, use https. That's it. It is general, it works, and most of your users are familiar with it. Be happy if your service is so popular that your cpu is maxing out. Othewise you might also check into the new ns_pam module, which may have different security features, but I don't know.
