SecurityFocus has an article on auditing Web Site Authentication. The article (first part) discusses a standard audit procedure consisting of a list of questions to test Web site authentication schemes. Not all the questions may be relevant to a particular authentication scheme but still a very good read.