So many systems -- from Yahoo's login screen to most ISP-provided POP mail to iChat/AIM to all those reg-required news-sites -- default to you sending your password in the clear or even require you to do it, it's a crying shame.
Especially given how many passwords we need to generate these days and the concomitant inevitability of recycling passwords, which means that your throwaway NYT-LAT-WashPo password, which you send in the clear every time you log in to one of those sites, may suddenly become associated with your credit-card number when you buy access to an article out of the NYT archive. Now you're sending a password that unlocks limited spending authority on your credit-card in the clear, potentially several times a day. Gee, thanks, NYT.
# Encrypt all information at all times, except when it's displayed on the screen. In particular, never send plaintext email or other information across the Internet: anything that leaves your machine should be encrypted.
# Digitally sign all information to prevent tampering and develop a simple way to inform users whether something is from a trusted source. This might, say, replace current stupid security warnings that people don't understand because they expose the guts of the technology. ("The security certificate has expired or is not yet valid." Aha. And what does that mean to a normal person?)
# Turn on all security settings by default since most people don't mess with defaults. Then, make it easy to modify settings so that users can get trusted things done without having to open a wide hole for everybody.
# Automate all updates. Most virus software downloads new virus definitions in the background, which is a good first step. The automated patching introduced with Windows XP's SP2 is also an improvement.
# Polish security features' usability to a level far beyond anything we've seen so far. Security is inherently complicated, and it's something users don't care about (until it's too late). The user interface requires the ultimate in simplicity. Heavy user testing and detailed field research are a must.