Confident Technologies' ImageShield
Passfaces
GrIDsure
Passmap
Out-of-Band Authentication
Facebook 'Social Captcha'
Real-time Self Portraits
Last weekend's Gawker hack threw into stark relief the weaknesses of the password system we rely on to safeguard accounts we've created online. When hackers let loose the user IDs and passwords of the gossip site's users, they imperiled other accounts elsewhere on the Web where Gawker users used that same security information to log in.
Security experts tell us we should have separate passwords for each site we visit. But the average user has 25 accounts online (or, in the cases of active Internet users, many more than that). So using a different password for each simply isn't practical. That's why security professionals are developing new kinds of authentication that don't rely on memorizing alphanumeric strings.
Some of these are in the market right now. Some are pure theory. All have the potential to free us from relying on our mom's second cousin's step-sister's maiden name as our password of choice.
With ImageShield, users pre-select a set of categories. When they try to log in, the system shows them a grid of images that includes some from the user's categories. The user has to enter the numbers or letters associated with the images from their chosen categories.
Say you'd chosen dogs, drinks, and clocks as your categories. Your passcode for this session would be "5A2".
The system can be used to replace passwords altogether, though today the companies that have implemented it mainly use it in addition to passwords.
We're visual creatures. Evolution has optimized our brains to remember faces much more than meaningless strings of numbers and letters. Passfaces' system assigns you several faces as your keys. When you try to log in, you have to select the correct face.
With GrIDsure, the user chooses a pattern on a grid as their "code". When they try to log in--to a phone or a computer--the system displays the grid with numbers on each square. As with ImageShield, the user enters the series of numbers that corresponds to their pattern. So in this case, the user would enter "2356."
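The grid-and-pattern check described above, as an added Python example that is not GrIDsure's own code. The 5x5 grid of single digits, the four-square pattern, the three-failure lockout, and every name in the block are assumptions made for illustration.

```python
import hmac
import secrets

GRID_SIDE = 5  # assumption: 5x5 grid, one digit (0-9) per square

# Constructed sample: a grid on which the diagonal pattern below reads "2356".
SAMPLE_GRID = [2, 7, 1, 9, 4,
               8, 3, 0, 6, 5,
               1, 4, 5, 2, 7,
               9, 0, 8, 6, 3,
               4, 2, 7, 1, 0]
SAMPLE_PATTERN = (0, 6, 12, 18)  # square indices, row-major, in order

def new_challenge(side=GRID_SIDE):
    """Fresh grid of random digits, drawn from the OS CSPRNG."""
    return [secrets.randbelow(10) for _ in range(side * side)]

def expected_code(grid, pattern):
    """Digits shown on the user's pattern squares, in pattern order."""
    return "".join(str(grid[i]) for i in pattern)

class GridLogin:
    """Server side for one account (hypothetical class).

    The server has to keep the pattern in recoverable form to compute the
    expected code, so it needs the protection a stored plaintext secret would.
    """
    def __init__(self, pattern, max_failures=3):
        self._pattern = tuple(pattern)
        self._grid = None          # outstanding challenge, if any
        self._failures = 0
        self._max = max_failures

    def challenge(self):
        if self._failures >= self._max:
            raise PermissionError("account locked")
        self._grid = new_challenge()
        return list(self._grid)

    def verify(self, submitted):
        grid, self._grid = self._grid, None   # each grid is single use
        if grid is None or self._failures >= self._max:
            return False                      # replayed code or locked account
        want = expected_code(grid, self._pattern).encode()
        ok = hmac.compare_digest(want, submitted.encode())
        self._failures = 0 if ok else self._failures + 1
        return ok
```

Because several squares show the same digit, a four-digit code can always be guessed with probability 1 in 10,000 per attempt, which is why the failure counter matters as much as the pattern.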
Passmap is similar to GrIDsure, but instead of using an abstract grid, it uses an actual image. The user can select from a variety of pictures and then click on different parts of the picture grid to form their own unique code.
This summer, Facebook began using additional security measures to confirm users' identities in unusual situations. For example, if you usually log in from Chicago, but the system sees someone trying to log in to your account from Cape Town, it may ask you to identify pictures of your friends (taken from Facebook) before it will let you in. Facebook is calling this "social captcha."
The proliferation of cameras on phones, combined with vast improvements in facial recognition software, is creating the opportunity for a new kind of out-of-band authentication. If you try to buy $10,000 worth of merchandise from a retail site, the site might send an SMS to the phone number it has on file, requiring you to take a picture of yourself and send it back from that same phone before it will approve the purchase.
This is still mostly hypothetical, says Kurt Roemer, chief security strategist at Citrix, but it's one of a range of biometric-style security procedures being discussed within the industry.