Nowadays, smartphones and tablets are widely used to access personal information through various applications and cloud services. On these mobile devices, the most commonly used identity authentications are still password-based, which have several usability and security issues. Because it is hard to type a long password on a mobile device without a physical keyboard, in contrast to traditional PCs, people usually choose to compromise the security for the ease of use by using a shorter password, or never log out the devices. In addition, with some fundamental weakness, ``password' is insecure in many practical scenario. Therefore people have developed authentication solutions with a higher security level; for example, ``two-step verification' with a one-time password. However, those ``better' solutions is not widely adopted since they are not simpler to use than just typing a password. To overcome this issue, in this paper, we propose a token-based authentication architecture, based on which a centralized single sign-on service and a password manager can be easily built, in order to solve the problem in a secure and user-friendly manner.