For the last year and a half, I have worked on three major projects (apart from the birth of my daughter), and for each of them user authentication and identity management were crucial:
Digital video. With media moving to the cloud, you need to authenticate on each device in order to have access to your stuff. And for households with shared media devices (what you might call a “television”), there are opportunities for profile-based interfaces to provide individuals access to their specific interests.
Commerce. When paying for an item, you, the merchant, and the payment processor (i.e., Visa, Mastercard, your bank) want to make sure that you actually are who you say you are, and that you have access to the money in your accounts. This is why many retailers ask to see your ID when you use a credit card, and why we have PIN numbers for our debit cards. And yet fraud is still rampant. New payment solutions need to have strong authentication and identity protection, or they will not be adopted. (I look forward to hearing how Google and American Express are handling this at our upcoming financial services event.)
Retail. Related to commerce, yes, but a subset. I'm in the midst of this project right now, and even something as simple as wish lists requires authentication management, because people will want access to them on their PCs, smartphones, and tablets.
To sum it up, as everything moves to the cloud, users will constantly need to authenticate in order to get access to their stuff. Currently, authentication takes the form of “log in” with a user name and a password, an approach that has proven quite problematic from a security perspective.
Now, this need to repeatedly authenticate is not new. We've done it on our PCs for years now, whether it's to get access to the machine itself, or to the many different websites and services where we have accounts. But with the rise of smartphones, and the greater pain-in-the-ass it is to enter user names and passwords, it's becoming clear that we need new models, new approaches. For PCs, it might have been manageable to have your passwords written on a piece of paper you keep in your desk drawer at home; for phones accessed while on-the-go, such tricks are untenable.
I believe that this reality is starting to hit tech companies in a big way. It's why Google is trying to make sense of how they handle your accounts. It's why there's been so much talk about the evolution of the Apple ID. It's why Facebook, with their 750 million users, is so interesting and potentially threatening, and why Facebook Connect is a work of genius. It's why OpenID's failure to get any traction is so frustrating.
I don't have any specific answers here. I just think this is proving to be an extremely interesting problem to solve. And it's a problem that historically has been dominated by engineering and IT concerns, but really, at heart, addresses the core of the user's experience.
(Addendum: I do wonder about biometrics (fingerprint, voice print, retinal scan). From the perspective of ease of use, I don't think there's a better solution, because it should be able to just work. But it seems so potentially invasive (and, frankly, weird), that I suspect resistance will be hard to overcome.)