We are working on some examples on this topic, and hope to have them for you soon! In the meantime, and on the whole, I would recommend thinking of your canister like an API. Even though we are coming up with a pattern to generate principal ID’s per-browser, there’s nothing preventing you from using a user name and password, or to integrate with a 3rd party OATH solution.
PS don’t forget to salt your passwords! 