Some key points:
•Require Users to Type Their Password Only Once
Instead of forcing users to type a password twice, use javascript to allow the user the ability to unmask their password to check it. Stop password masking.
•Combat Spam by Hiding a Text Field With JavaScript, Instead of Using CAPTCHA
Spambots can’t fill in the field because they can’t interact with objects in client-side JavaScript; only users can.
•Allow Users to Log in With Their Email Address
•Log Users in Without Leaving the Page
Using AJAX of course. Here's a nice jQuery drop down login that could be implemented in phpBB, for example.
•Allow Users to Log in Via Facebook, Twitter or OpenID
This option is just becoming way too common these days for phpBB's core to continue to ignore it.