I'll just add a couple things to this list that I think should get some credit. These aren't the most user-friendly solutions, but are great for those who are a little more experienced.
BitTorrent Bleep is an end-to-end encryption messaging service that also hosts encrypted VOIP calls. It is currently in public Alpha testing, so expect some bugs; however, the software functions quite well for being in the early stages. It's currently available on Windows, Mac OS, and Android. One of the nicest features is there is no registration necessary; you can use the application in "Incognito" mode, and pick a username with no personal information needed.
I've been using Bleep since the day of the public Alpha release (Sept. 17), and there haven't been many notable issues. My only gripe is about their VOIP call quality; the audio sounds like it's over-compressed at times, and one side of the conversation will drop out at random. Then again... this application is still in Alpha testing, so I'm not complaining just yet. Also, according to BitTorrent's blog, "Android users will need to set the app to “Wi-Fi Only” unless you have an unlimited data plan; this is only for the time being while we iron out an issue related to battery and data-plan."
The Blackphone is a nice tool that was released in June, and is running a custom version of Android 4.4.2 known as PrivatOS. It was the love child of GeeksPhone and SilentCircle, which are both security minded companies. The phone is unlocked for all GSM carriers.
Do your homework, phil. I've been trying to keep up with all of this stuff for the last few years, and I can confidently say that spy agencies don't need to install trojans under cover of a legit program; they have their ways of spying without all of that hassle. Half of the "secure" means of communication that we use is open to speculation on whether it's secure or not because the NSA is expending a lot of resources on breaking encryption.
Creating a trojan software to trick people is not only a waste of their time, it's a waste of resources; and will hinder them from what they are trying to accomplish with mass surveillance. Not to mention, they pay people to find security flaws in everything that currently exists (breaking software security is easier than creating secure software). They're trying to make everything readable, not trick people into giving them clear text.
The real problem that I have seen with passwords is not the ease of guessing them through brute force attacks; however it's the lack of care that goes into quality passwords, and the ease of obtaining passwords through various tools (i.e., key logging, or radio frequency eavesdropping). Numerous attempts at obtaining a more secured method of security have been attempted, but text is so far the only kind that can be done with ease across the board. Using images would be quite difficult for long term uses, as one must retain a particular image for the entire life of the security measure. If the image ever is accidentally modified, becomes corrupted, or is lost due to failed storage, then how would one access their restricted content? If you use text as a backup, then it suffers the same security flaw as all text authorisation, and the idea of using images becomes a moot point.
This is why there have been advancements in biometrics, especially in fingerprint security. Unfortunately, it's been proven, consistently, that fingerprint security is far less reliable than text. Recently, there was a headline of using one's "heartbeat" as a means of user authentication. The problem with this? Bluetooth. Well, Bluetooth is only one of the problems; there's also device cloning, or capturing a sample of the individual's heartbeat (eavesdropping on BT communications), and then spoofing the heartbeat with a new device. Okay; well, what about RFID chips/tags? That's something that's been hacked endlessly, yet we still use unencrypted RFID everywhere. Do you have a tin foil wallet? I have one...
Security measures that are currently used, or have been considered, tend to suffer from the same problem: nothing is perfect. If someone wants to break that security, they can... somehow. Fortunately, our current high-bit encryption is perfectly fine as it is - at least, that's the speculation, as it's still unknown if the NSA is harbouring a vulnerability in AES encryption, as well as others - but we must remember that the end-user is always going to be the weakest link in a strong chain; like in the case of encryption. The more secure your method is, the less forgiving it has to be. It's a perpetual cycle, and it's going to be a while before we can find a method that won't be cheated by some shmuck with nothing better to do. Eventually, encryption will be crackable with a mobile phone; but until that day comes, that's our best chance.
The only way to stop hackers from doing their thing is to not give them a reason to hack... and that will probably never change.
First off, I never said using pictures for passwords was new; I simply said the methods of use, for the common consumer with no prior training, appear to be quite fallible. As modern society is so set on certain things, like text passwords, it would make things much more difficult to be implemented in a different way. Personally, I'm okay with using text passwords, and I'd rather keep it that way. I don't know of very many people who are looking to change that; and that's where things start to fall apart. The consumer public has already been trained on one method; and it will be very difficult to implement a brand new method of authentication without having some sort of transitional period where it is extremely unreliable (thanks to consumer laziness).
Since I've never seen an example of the EPS you are talking about, I can't say whether I find it to be a substantial alternative. Searching for a simpler explanation, or an actual example of such a system, yields very little helpful information. Can you explain it in a different way that doesn't seem to be almost a copy/paste of what I can find on a web search? I'm not saying you did just that, but your post reads very close to what I can find elsewhere; and, frankly, it will go over most people's heads. Since this system is not one I'm currently familiar with, I'm not about to start poking around in the dark, without a proper explanation.
As far as biometrics are concerned, I'd like to see a device that is in use with conjunction; as I've not seen it. I understand that the reason Apple's biometric security is a failure is due to its method; however, unless something is directly put into use, the idea is only as good as any other idea. I'm sure there are systems out there using such a method, but I'd like to see what methods might be used to circumvent such security measures.
Even still, all of this falls back onto what I've said before- nothing is perfect. Until we make a security system that is perfect, we should always expect the flaws to be heavily exploitable.
RokaCom: Encrypts your voice and video calls, along with your text messages and photos. When they encrypt your data, it is with keys that only exist on your mobile devices so no more cloud hacks! My doctor friends love it too, since it keeps them HIPAA compliant.
Email: GPG or SMIME. While SMIME is easier to use after setup, GPG is free and widely used as well. Start telling everyone you know to encrypt their email. SMIME is built in to almost every email client as well, and some webmail services (like Zimbra) have built in options to allow you to use it even in webmail.