I'm glad that you mention this:
Player authentication is the thing we are working on right now. It's a big topic and we want to get it right from the start.
The plan looks like this: Right now each device gets its unique ID implicitly. Therefore we are able to identify each device as a "player" and show him/her the corresponding highscores. We call this a "Guest" player.
There are pros and cons to guest players: Obviously the pro is that guests do not need to enter any authentication information. We do not need to authenticate them, since their data is bound to that one game installation on that one device. A player can play your game right away, without any authentication bumps in his way. First impression is critical and you should have the option to NOT throw an auth dialog into the players face, if you don't want to.
However, the big con is that - as you've already mentioned - this player can't bring his e.g. highscores to another device. This is were player authentication needs to kick in:
When we are done testing this, you'll be able to authenticate your players with, guess what, facebook. In the course of this process their "Guest" player status will be upgraded to a recoverable "Facebook" player, and they will be able to access their data on any device, as soon as they authenticate against fb. The decision to allow this to your players is, of course, yours.
I'm thinking a lot about all of this right now, so I hope I was not drifting off into too much detail with this explanation. 🙂