I just love the new Apple ad that was launched yesterday that you can view here. It's good because it can be applied on anything, even on our field of security. My key objective as CTO of Nexus is to achieve Security through Simplicity. It's only when we get the total user acceptance that the user will be security - exactly as in the Apple Add - end user experience is all that matters.
As we speak many cloud service providers and application providers are either implementing or planning to implement two-step authentication to mitigate the risk that we have seen with Twitter, Apple and others. It's great but first of all the services fails to deliver this globally, second there are some serious management issues and thirdly and perhaps most importantly I'm not sure that the end user experience will be helped by all of these multiple two-step authentication approaches. A more sound approach would be to support a federated identity that can be used accross and between domains. That would both raise security and deliver usability. The issue is of course the absence of trusted Identity Providers.