SMTP AUTH or SMTP-after-POP seems like a possible solution to
the needs of travelling mail users. Are there standards on
this?
Yes -- SASL and TLS are specified and their use with SMTP is specified.
Why have they not been accepted?
They have been. Practically all modern clients support it and many
modern MTAs support it. And many sites have deployed it.
Do they use simple
passwords, or do they use crypthographic authorisation -
such authorisation seems to have much difficulty getting
accepted.
Both are possible and both are used. You'll see simple passwords,
simple passwords over TLS, cram-md5, digest-md5, and various other
schemes.
The primary impediment to their use is that some companies and ISPs simply
don't see any need to support travelling mail users. In my experience once they
believe the need is there getting the service in place is rarely difficult.
Ned