Two examples that make me think about this from time to time.<p>First, a number of sites that require registration email you with confirmation of your registration. They include your user id and password in plain text within the email. Few things are as irritating as this (at least to me). One has to think about how and if they store that email and who within the company has access to it in plain text.<p>Second: Google Chrome still has no security to prevent access to all of your passwords in plain text! OK, they added a "Show" button. Fantastic.<p>Those in tech are probably very aware of this. However, "civilians" using this browser at home or at the office might not be aware of the fact that they are opening their lives up for anyone with access to their computer.<p>These are just two of the many examples one might be able to come-up with.<p>I am starting to think that I want to see a day when every device has a fingerprint scanner and passwords are history in some form and at some level. Probably not the best solution. Not sure that one exists.
The best solution is education. Its the first thing they teach security auditors. Just about all of the really hard problems in security have solved solutions that really do thwart attackers. The issue is that both organizations and regular users do not know how to actually use them correctly.