Security on mobile still sucks. We're limited to entering numbers for a PIN lock or maybe a real password or tracing a pattern on a little touchscreen, or taking a picture of our own face, just to unlock our devices. Add up the hours spent in a year by humans trying to enter passwords on mobile devices, and you'd get a ridiculously big number.

Since password entry on mobile by-and-large sucks, people often dumb down their passwords, making them less secure. They turn to password managers which often don't have the same capabilities on mobile as they do on the desktop, or just turn off or save all the passwords they can, resulting in phones and tablets that, if lost or stolen, are totally unprotected.

That doesn't even take two-step or multi-factor authentication into account. Ever watch a normal person try to use that? It's like watching a puppy be subjected to torture.

Just swipe your finger In mid-2013, both Apple and Samsung (and LG and…) were rumored to be working on integrating fingerprint scanners into their flagship smartphones. The rumor's been heralded as a breakthrough for mobile authentication, providing a form of identification that's much harder to break than a PIN lock, though neither phone would be the first to integrate fingerprint scanners. No, we're not talking about 2011's flub, the Motorola Atrix. This is about Fujitsu, who has shipped more than 30 phones that integrated fingerprint sensors. Fujitsu's first fingerprint-scanning phone incorporated technology from AuthenTec (purchased by Apple in 2012, thus spurring the rumors we're talking about today) and was released in 2003. Granted, the Fujitsu Mova F505i was a Java-powered flip phone, but for the time it was pretty advanced.

Security on mobile, for individuals, is horrible. It needs to be fixed, and that fix has to come from the OS makers. It has to be baked in, and it has to be as strong and as convenient as possible.

So how do we get there? Basic password management has to be built into the platform at the system level, so it can be everywhere and access everything. Think 1Password or Lastpass at their most basic level, usable by all the built-in and third-party apps. Any time anything on my phone or tablet needs a password, the system-wide manager should pop up, take my master password, fill in the specific account information, and let me get on about using my device.

Basic password management has to be built in at the system level.

It should also be abstracted enough that while, for now, a master password unlocks everything. One day biometrics can take its place and a fingerprint or iris scan can take on that job.

Identity is becoming a big deal on the internet. Proving who we are will be the key to online commerce. Mobile is going to play a big part in that. Once security in mobile works, your phone can prove who you are, and then unlock other services and devices around you. Just like you show a drivers license or passport today, mobile will be the ID tomorrow.

That's why mobile security has to be improved now. It has to be made simple, and it has to be made seamless.