From Popular Mechanics article about hackers collecting kids data:
The more secure alternative is dynamic log-in authentication, which syncs the user's device with the website. The website's log-in process randomly generates a sequence of bytes every few moments and sends it over as a "question," and the device, which had previously been given the formula to figure it out, sends back the correct "answer." Because they're both in sync, the correct answers are always in time with the questions. Log-in credentials are used once and immediately become stale, unlike a user name/password. It's more complicated to design, but Eisen says it's overdue to become the new standard.