Potential password replacements don't offer any magic bullets. Solutions like hard tokens are expensive and hard to administer, and, as the RSA breach proved, they can be cracked too.

Grajek compares the authentication challenge to the AC/DC current battles of the 1880s. When DC was winning, New York City had wires strung so thickly that they almost blocked out the sky. The problem was that DC doesn't travel well, requiring sub-stations every mile and a half.

"The same mistake is true of the distribution of user's passwords at every cloud service," he says.

Every security expert that I talked to made the same point: There is no easy way to fix passwords, but standardization would certainly help us get closer to that goal.

SSO and SAML to the Rescue?