the duplicate behaviors are not the probelm, they are there for a reason, to unset cookie values if the remember me option is unchecked, to set them if the remeber me option _is_ checked.
the first authenticate user behavior is used if the autologin option is checked, the second is used if the login form is submitted.
the second behavior that is run when the form is submited is not set up properly.
it is set to only compare the email columnm, and the vaue it is set to use is from the validated entries collection.
it should be set to compare the email address column to the email address form element, and the password column to the password form element.
also on the session tab, the name of the session it should create should be:
SecurityAssist_UserID
not:
UserID