Every customizable web page on the internet has a sign in page. Username and password. Every secure application or server as well. Whether it's MySQL, Microsoft Money, Unix or Amazon.com you have the same paradigm for just about every single computer system that exists: Username and password.
But that doesn't work well on mobile phones. Entering in your user name and password is a pain in the ass. The question is, why do you have to do it? Why not have just one box to enter security info in, instead of two? Combine the two entries into one so that users can identify themselves more quickly and easily.
The easiest way is to just smoosh it all together, right? "russellb12345" That seems pretty reasonable to me. It identifies who you are and pretty much guarantees that someone else isn't going to guess the password. On the web, you'd probably enter in russellb as your user name and some password or PIN like 12345. But on a phone? Why not have them all together? It'd be easy on the server side as well, you'd just compare the passcode to a list of concatenated usernames + passwords for verification.
Now it seems simple, but I wonder if that breaks user expectations? If you say to a modern consumer, "enter your username and password" they get it, but "enter your passcode"? Hmm. I'm not sure. I guess I'll have to do some user testing.
It could be that by trying to make it simpler, I'd actually make it harder. We'll see...