is there a better authentication method than a simple user+password? anyone tried browserID?