This article (Protect passwords? Not if latte is free) was passed on to me from a colleague who also saw the irony in this.  I would say that we're 3 years too late in making 2-factor auth a base part of computing.  This makes identity theft almost too easy... fish in a barrel. 

What do you do to keep your passwords secure?  Use the same one everywhere?  Write them down?  Keep them in your cell phone? None of these are great options. 

The alternative is a something that you need to carry around.  Any ideas on what could work?  Iris and fingerprint scanners still aren't reliable enough (in the home market).  Smartcards would work, as would token generators such as those sold by RSA and others.  But equally important is who the issuer is.  Because I don't want 20 fobs hanging off of my keychain, I want one or two to cover every site that I visit. 

Tony Bailey, the Senior Product Manager on the Microsoft Solutions for Secrity & Compliance team, has put together a list of all of our security solutions.  You can find it here:  http://www.microsoft.com/technet/community/columns/sectip/default.mspx

My group didn't write this... that is, I don't think we did, although this may have come out of our Consumer team.  But it is pretty good, basic advice for students that are heading off to school with their new laptops. 

School is in: 7 computer security tips for students

Awareness is our biggest challenge, but we've been doing a lot to make this happen.  At this point the consumers that are walking into these rediculous schemes need to accept that they are, to some extent, the authors of their own misfortune.  I like this editorial by Robert MacMillan at the Washington Post.  Here's an excerpt:

I am a staunch defender of what I call the average computer user, but I wonder whether it's time to change my tune...  It makes sense that the Internet service providers and other stewards of our online experience should do their part to protect people from online danger.  But I need to modify that point of view. Everyone should know by now that we should never trust e-mail, mobile phone messages or instant messages from strangers who want to deal with our money. If you don't know the source, delete immediately. Some of you will be yawning by now because you know this already, but the Times piece points out a tragic reality that criminals know well already -- a sucker signs on to the 'Net every minute.

Link. Microsoft Q&A.

They provide email customers with security and compliance services (retention, etc.).  As IT environments get more complex there are more opportunities for providing this type of service for part of the infrastructure.  THis is somewhat in contrast to the old approach of outsourcing everything.