[jonalexr]

Agreed, I'm just toying with the idea of finding the simplest way for a user to access a website securely. Haha, that's why I posted here before implementing it ;)

We'll be focusing on mobile, and the login process could be something like PayPal's mobile app where they let you login with your phone number and PIN (min 4 digits). I'm just looking for a secure way to translate that to a web app.

Something that could help - sessions could persist for an infinite amount of time, so upon first login we send them 4 random digits via SMS and if they enter it correctly they're authenticated. Basically two factor auth without the initial password.