Achieving effective and acceptable means of user authentication has been a long-recognised challenge of IT security. While passwords are still dominant, today's implementations are exhibiting a much greater diversity of techniques and technologies, particularly in relation to those used on mobile devices. We can now readily see examples of alternative forms of secret-based approach, as well as techniques that replace or supplement secrets with tokens and biometrics. However, the rationale in some cases is not specifically to make the security stronger, but rather to make it more accessible and easier to use, which in turn increases the chances of users having some protection rather than none at all. This presentation examines the situation, and considers the fact that while the range of authentication opportunities has diversified, we are still some way from having a universally applicable and effective solution.