For our portal access we have currently chosen to integrate our authentication with the Participant Portal with some OpenID and OAuth providers, mainly Google and Twitter.
This was a deliberate choice for this initial phase of the project, as we did not want to divert development resources from the core of the algorithm creation and portal interface with something that has to be treated with the utmost care, and is prone to so many problems in "custom" implementations. We also have the feeling you would not want to generate yet another password for yet another site (I know I don't).
With that in mind, we have enabled access through OAuth and OpenID to these two providers, both of with have a good track record in keeping their user's passwords secure and provide 2-factor authentication as a part of their identity management package.
Please bear in mind that we are requesting the MINIMUM DATA POSSIBLE on you from these providers that they let us ask for. Believe me, I have no intention of finding our what is your birthday is, and Google just does not let me unselect it on the API. :)
We are happy to explore other integrations if the participants so require, and we will be rolling our own authentication engine eventually, but our main focus is on adding new features to the service that our participants are using.
If you feel strongly that having an internal authentication engine is of the utmost importance for you to join, please send us a note. We would not like anyone to not participate on the project because of something like this.