Call this not a threat but a possible salvation. Increasing numbers of experts are giving up on the traditional username/password login and are beginning to look at devices themselves as possible authenticators of identity.

As for the problem with traditional logins, many experts point to the recent wave of massive cyber breaches – at Adobe, LexisNexis, Dun & Bradstreet and Kroll Background America, for instance. Exact details of how the breaches were carried out have not been released, but in past cases the key that unlocks the computers has often been an employee inadvertently giving up his or her login, through keylogging or social engineering.

Thus the rising despair about old-fashioned logins.

Mobile devices, in particular, offer fertile identification tools. Every recent cellphone, for instance, ships with a built-in IMEI, which is a 15-digit, unique identifying number. There are ways to alter an IMEI but that technology is in its infancy. In most cases IMEI is as solid as a fingerprint.

Mobile devices also come with rich location information and if, suddenly, a user from Jersey City, N.J., is attempting to log in from Saigon, that's a red flag.

Add it up and will devices themselves begin to take over more of the authentication burden from consumers? Experts surveyed by Credit Union Times said that day may be coming sooner than you think and that could be very good news for beleaguered security managers.

“For most things, device ID is much better than user ID. Devices are really good at security. People are really bad at it,” said Andy Tarbox, an executive with Wave Systems, a Lee, Mass., company that is building out a networking model based on “trusted computers.” The idea: it's possible to know enough about a computer to know it is a reliable friend. “There is a real movement towards security based on strong device identification,” said Tarbox.

Not so fast, say others.

“There's a great interest in using mobile devices, but it won't be widely adopted before most consumers have these devices,” said John Pironti, president at consulting firm IP Architects and an ISACA advisor. “There's the lowest common denominator problem,” said Pironti, by which he meant a financial institution is unlikely to require a customer or member to have a smartphone, and those who don't have one still need an access route in – which means mobile cannot by itself secure the perimeter.

Pironti also pointed to the fact that sometimes, in some places, there just is not access to cellular devices – on airplanes, for instance, and also in parts of rural America. There needs to be more ubiquity of access and ownership, he suggested, before mobile devices become the centerpiece in secure logins.

“Probably this eventually will go places,” said Pironti, “but I believe device authentication will be one of several options.”

Pironti's cautions may be on the money. Even so, many pioneers are taking steps to hurry the arrival of devices at the center stage of authentication. At iovation, for instance, Chief Technology Officer Scott Waddell explained that the company's business revolves around building reputation histories for particular devices – and that those reputations can help financial institutions decide to grant or deny access.

Say a legitimate user name/password is used – but the access is coming from Lagos, Nigeria, using a device that has a reputation of involvement in scams and con games. That might be an easy decision, but it proves a point: knowing more about the devices is a step towards more-secure financial transactions.

Waddell himself cautioned, however, that useful as knowledge of a device can be, “we also know that devices can be tampered with.”

The other hold-up delaying adoption by financial institutions, according to Rick Doten, chief information security officer at Bethesda, Md.-based DMI · Mobile Enterprise Solutions, is “the lack of regulatory requirements involving devices.”

He explained that, in his view, most financial institutions “want to spend as little money as possible on security,” so they do what the regulations demand, nothing extra.

But, he optimistically added, “This is changing. You can see it.”

Why? The plain problem, said multiple experts, is how broken the user name/password security system clearly is.

That's why more and more now say the use of devices as a factor in multi-factor authentication is gaining steam, mainly because something new is needed and this just may be it.
